[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Firefox Privacy Broken If Used to Open Web Page File

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Firefox Privacy Broken If Used to Open Web Page File
From: Liu Die Yu <liudieyu.com@xxxxxxxxx>
Date: Tue, 07 Oct 2008 16:32:09 +0800

Brief from my Twitter:

The effect is exposing any location, incl your browsinghistory(about:cache etc) 04:54 AM October 05, 2008 from webWorkaround: Do not use Firefox to open HTM/HTML - not from RAR package,not from remote Windows share folder, not from local, etc. 04:36 AMOctober 05, 2008 from web


Some details from my blog:

* Also works on Firefox 3.0.3
* Also works on Firefox 3.0.2

...

For Firefox, location is wrong when dot URL shortcut is launched by HTMLelements. Slightly variant from CVE-2008-2810 which is about commandline and only fixed in that perspective.


...

__________

Complete details and demo are available athttp://liudieyu0.blog124.fc2.com/blog-entry-6.html

Prev by Date: [SECURITY] [DSA 1647-1] New php5 packages fix several vulnerabilities
Next by Date: [SECURITY] [DSA-1646-1] New squid packages fix array bounds check
Previous by thread: [SECURITY] [DSA 1647-1] New php5 packages fix several vulnerabilities
Next by thread: [SECURITY] [DSA-1646-1] New squid packages fix array bounds check
Index(es):
- Date
- Thread