
Security concerns pull latest Firefox release

Imperva : 15 October, 2012  (Technical Article)
Mozilla withdraws version 16 release of the popular Firefox browser after web history leak vulnerability discovered
Mozilla released Firefox version 16 to the public and within a day the browser had to be pulled from the Web over security concerns. According to Mozilla, the vulnerability could allow a malicious website to capture Web history, which could lead to certain hacker activity.

Below is an explanation of the vulnerability and how it works from Tal Be'ery, Web Researcher at Imperva:

"Firefox is basically leaking a URL's data across domains by not restricting JavaScript’s “location” method. So, how does this work?

A “proof of concept” exploit for the vulnerability exists:

* A user browses to the attacker site.
* The attacker opens a new window in Twitter from the attacker site.
* If the victim is signed in to Twitter, then the user gets redirected to a URL that contains a personal Twitter ID.
* The attacker can now query the new window on the URL and obtain the victim’s personal Twitter ID.

On previous versions of Firefox, this attack would fail. However, there was a regression in Firefox 16 that allowed this attack to work."
