TITLE:
Firefox "View Image" Local Resource Linking
Weakness
SECUNIA ADVISORY ID:
SA19698
VERIFY ADVISORY:
http://secunia.c
om/advisories/19698/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
Mozilla Firefox 1.x
http://secunia.com/p
roduct/4227/
DESCRIPTION:
PSPFrenzy has discovered a weakness in Firefox, which can be
exploited by malicious people to bypass certain security
restrictions.
Internet web sites are normally not allowed to link to local
resources. It is, however, possible by a malicious web site
to
open
local content in the browser by tricking a user into
right-clicking
and choosing "View Image" on a broken image,
which is
referencing a
local resource (e.g. via the file: URI handler).
NOTE: This does not pose any direct security impact by
itself,
but
may be exploited in combination with other vulnerabilities.
The weakness has been confirmed in version 1.5.0.2. Other
versions
may also be affected.
SOLUTION:
Do not use the "View Image" functionality on
untrusted web
sites.
ORIGINAL ADVISORY:
h
ttps://bugzilla.mozilla.org/show_bug.cgi?id=334341
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|