Sat. Jul 11th, 2020

Firefox has a 17-year-old vulnerability that lets attackers steal files stored locally by users


HTML files downloaded through a browser are usually associated with phishing or scams, but researchers have found that they can sometimes be used to steal user files. The researchers found a 17-year-old security vulnerability in Firefox that still affects the latest version of the browser. The vulnerability stems mainly from Firefox's implementation of the same-origin policy, which allows an arbitrary local file to access the folder it is in and that folder's contents.

Security researchers have discussed this Firefox flaw for a long time, but no one had ever published the full details of how to exploit it. Now researchers have successfully read local files on the latest version of Firefox, which could threaten millions of Firefox users. The key precondition is that the attacker has to craft specific code, induce the user to download the file, and then get the user to open it in Firefox.

The vulnerability is triggered when the user clicks a button in the opened file; the page then executes code that reads other files in the same path as the file. In their test, the researchers saved the file to the Linux home directory, and sensitive data such as the SSH key was successfully uploaded to a server of their choosing once the vulnerability was triggered.
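An added example, not from the researchers or Mozilla: a Python check that lists which sensitive files sit in the same folder tree as each saved HTML file, which is the reach the article describes. The pattern list, the function names and the sample directory layout are assumptions constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Assumed list of file names worth protecting; adjust for your environment.
SENSITIVE_PATTERNS = ["id_rsa", "id_ed25519", "*.pem", "*.kdbx", ".netrc"]
HTML_SUFFIXES = (".html", ".htm")


def reachable_sensitive_files(html_path, patterns=SENSITIVE_PATTERNS):
    """Sensitive files in the HTML file's folder or below it."""
    # Assumption: "files in the same path" is modelled as the containing
    # folder plus its subfolders, following the article's description.
    base = os.path.dirname(os.path.abspath(html_path))
    hits = []
    for dirpath, _dirs, files in os.walk(base):
        for name in files:
            if any(fnmatch.fnmatch(name, p) for p in patterns):
                hits.append(os.path.relpath(os.path.join(dirpath, name), base))
    return sorted(hits)


def audit(root):
    """Map each saved HTML file under root to the sensitive files in its reach."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(HTML_SUFFIXES):
                path = os.path.join(dirpath, name)
                report[os.path.relpath(path, root)] = reachable_sensitive_files(path)
    return report


def build_sample_home(root):
    """Constructed sample layout: a fake home directory with one key file."""
    os.makedirs(os.path.join(root, ".ssh"))
    os.makedirs(os.path.join(root, "Downloads", "untrusted"))
    for rel in (".ssh/id_rsa", "invoice.html", "Downloads/untrusted/page.html"):
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        build_sample_home(home)
        for html, exposed in sorted(audit(home).items()):
            print(f"{html}: {exposed or 'no sensitive files in reach'}")
```

In the constructed layout, the HTML file saved directly in the home directory has the SSH key in its reach, while the one kept in a dedicated download subfolder does not.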

As mentioned earlier, the vulnerability has been discussed for a long time without result. The main reason is that the Firefox browser's same-origin policy itself is not at fault. Firefox responded to the researchers' report by saying that its implementation of the same-origin policy allows access to folders and files in the same path.

The researchers said that, in some respects, the responsibility lies not with Firefox but with the Internet Engineering Task Force. A similar vulnerability was exploited in the wild a few years ago, when clicking on a malicious ad triggered a vulnerability that stole users' private files.

Via: TheHackerNews