Just when you thought it was safe to troll in the WWW waters with Firefox, comes this article on TechRepublic about a new flaw that has the potential to cause problems reminiscent of IE.
Window Snyder, Mozilla’s chief of security confirmed a data leak vulnerability in Firefox’s directory traversal mechanism. The flaw has been graded as a low-risker and was brought to light as a proof of concept.
Wait, what?? (and Mozilla's main security guru has a first name of "Window"??????)
When a “flat” add-on is present, an extension which stores its information within Javascript files as opposed to .jar files, an attacker exploiting this flaw may be able to retrieve data or profile a compromised system. Extensions such as Greasemonkey and Download Statusbar may be affected.
Sounds rather IE-ish to me. At least they say it's a low risk flaw.....
Check the TechRepublic article for links to the full report.
Return radar screens to normal scanning mode.
