Do You Know What's Leaking Out of Firefox?
Mozilla security chief Window Snyder has confirmed an information disclosure flaw affecting fully patched versions of the Firefox browser.
Snyder's acknowledgment follows the public release of technical details--and proof-of-concept code--that shows how a vulnerability in the chrome protocol scheme allows directory traversal when a "flat" add-on is present in Firefox.
This allows escaping the extensions directory and reading files in a predictable location on the disk. Because many add-ons are packaged in this way--"flat" rather than contained in a .jar--the directory, a maliciously rigged page, can be used to load images, scripts or stylesheets from known locations on the disk.
Attackers may use this method to detect the presence of files that may give an attacker information about which applications are installed. This information may be used to profile the system for a different kind of attack.
Mozilla's security response team rates this a "low risk" issue, but this is something that should be fixed promptly, since it makes it very easy to do reconnaissance for a targeted attack.