January 30, 2008 10:02 AM PST

Mozilla fixes Firefox's flat add-on vulnerability

by Robert Vamosi

The security team at Mozilla has fixed the flat add-on vulnerability acknowledged last week. However, no decision has been made on when Firefox 2.0.0.12 will be pushed out to users' desktops.

The vulnerability, known formally as the "chrome protocol directory traversal," occurs when a "flat" add-on is present. In this case, an extension to the browser stores its information within JavaScript files as opposed to JAR files. Window Snyder, Mozilla's chief of security, says the vulnerability is not within the browser, but in how the extensions are written.

An attacker exploiting this flaw may be able to retrieve data or profile a compromised system.

Extensions such as Greasemonkey and Download Statusbar were initially mentioned. However, the current list of affected extensions provided by Mozilla is much longer.
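A defender can inventory which installed add-ons use the flat layout by reading each extension's chrome.manifest. The following is an added example, not code from Mozilla or from this article; it assumes the standard chrome.manifest registration syntax (JAR-packaged add-ons register `jar:` locations) and a profile layout of one folder per extension, and the sample manifests are constructed.

```python
from pathlib import Path
# chrome.manifest instruction types that map a chrome:// package to a location
REGISTRATION_TYPES = {"content", "locale", "skin"}

def classify_manifest(text):
    """Return {package: 'jar' | 'flat'} for each chrome registration in a manifest."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        kind = fields[0]
        if kind not in REGISTRATION_TYPES:
            continue  # overlay, style, etc. do not register a package location
        # content: <package> <location>; locale/skin: <package> <name> <location>
        loc_index = 2 if kind == "content" else 3
        if len(fields) <= loc_index:
            continue  # malformed line, nothing to classify
        package, location = fields[1], fields[loc_index]
        packaging = "jar" if location.lower().startswith("jar:") else "flat"
        # A single flat registration marks the whole package as flat.
        if result.get(package) != "flat":
            result[package] = packaging
    return result

def audit_profile(extensions_dir):
    """Map extension folder name -> sorted list of flat-packaged chrome packages."""
    findings = {}
    for manifest in sorted(Path(extensions_dir).glob("*/chrome.manifest")):
        packages = classify_manifest(manifest.read_text(errors="replace"))
        flat = sorted(p for p, kind in packages.items() if kind == "flat")
        if flat:
            findings[manifest.parent.name] = flat
    return findings

# Constructed sample manifests (not taken from any real extension).
SAMPLE_JAR = """content example-jar jar:chrome/example.jar!/content/
skin example-jar classic/1.0 jar:chrome/example.jar!/skin/
"""
SAMPLE_FLAT = """# flat layout: locations are plain directories
content example-flat chrome/content/
locale example-flat en-US chrome/locale/en-US/
overlay chrome://browser/content/browser.xul chrome://example-flat/content/overlay.xul
"""

if __name__ == "__main__":
    print(classify_manifest(SAMPLE_JAR), classify_manifest(SAMPLE_FLAT))
```

Pointing `audit_profile` at a profile's `extensions` directory lists only the add-ons that need review or an update from their author.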

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.