US-CERT encourages users to enable the “Ask where to save each file before downloading” option within the “Minor Tweaks” tab in the browser preferences. Although this does not fix the underlying vulnerability, selecting this option will warn the user before files are downloaded. Users should still exercise caution when visiting and downloading items from untrusted websites.

Source: US-CERT

[digg-reddit-me]

Issue
A vulnerability in the chrome protocol scheme allows directory traversal when a “flat” add-on is present resulting in potential information disclosure.

Impact
When a chrome package is “flat” rather than contained in a .jar the directory traversal allows escaping the extensions directory and reading files in a predictable location on the disk. Many add-ons are packaged in this way.

A visited attacking page is able to load images, scripts, or stylesheets from known locations on the disk. Attackers may use this method to detect the presence of files which may give an attacker information about which applications are installed. This information may be used to profile the system for a different kind of attack.

Some extensions may store information in Javascript files and an attacker may be able to retrieve those. Greasemonkey user scripts may be retrieved using this method. Session storage and preferences are not readable through this technique.

Users are only at risk if they have one of the “flat” packaged add-on installed. Examples of popular add-ons that are vulnerable include: Download Statusbar and Greasemonkey.
Source: blog.mozilla.org

Web Browsers News. Subscribe to our RSS Feed.