Hey folks there is a new vulnerability in Firefox that Secunia has an advisory on. This is a remotely exploitable one and there is currently no patch for this vulnerability. That should be rectified in short order y the Mozilla folks.

Description:
Charles McAuley has reported a vulnerability in Firefox, which can be exploited by malicious people to trick users into disclosing sensitive information.

The vulnerability is caused due to a design error where a script can cancel certain keystroke events when entering text. This can be exploited to trick a user into typing a filename in a file upload input field by changing focus and cancel the “OnKeyPress” JavaScript event on certain characters.

Successful exploitation allows an arbitrary file on the user’s system to be uploaded to a malicious web site, but requires that the user types a text containing the characters of the filename.

The vulnerability has been confirmed in version 1.5.0.4. Other versions may also be affected.

The current fix is to disable java script.

Article Link

[tags]Firefox vulnerability, Vulnerability, Remote Exploit, Security[/tags]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.