http://news.com.com/Two+flaws+found+in+Firefox/2100-1002_3-6157307.html

By Caroline McCarthy
Staff writer, CNET News.com
February 7, 2007

A security company has reported two new flaws in the Mozilla Firefox
browser that may leave locally saved files vulnerable to outside
attacks.

Both flaws were announced by SecuriTeam, a division of Beyond Security,
this week. The first flaw lies in Firefox's pop-up blocker feature,
according to a SecuriTeam statement on Monday. The browser typically
does not allow Web sites to access files that are stored locally,
according to the official report, but this URL permission check is
superseded when a Firefox user has turned off pop-up windows manually.
As a result, an attacker could use this flaw to steal locally stored
files and personal information that might be stored in them.

A possible scenario for such an attack would involve the user clicking
on a malicious link that would furtively plant a target file equipped
with exploit code on the computer's hard drive. Then it would display
a prompt asking the user to allow a pop-up to appear in order to play a
video file or download. The attacker-supplied file would then be loaded
thanks to the browser flaw, which could give the attacker local file
read privileges.

It appears that this flaw may only apply to older versions of Firefox,
prior to the current 2.0 release, but Beyond Security was unavailable
for comment on the matter.

The second flaw, announced by SecuriTeam on Wednesday, concerns
Firefox's phishing protection feature. With this vulnerability, an adept
phisher could fool the browser into believing that a fraudulent site is
actually secure by adding particular characters into the URL of its Web
site.

The phishing flaw does appear to apply to the current 2.0.0.1 version of
Firefox.

Mozilla was unavailable for comment on Wednesday.