Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Firefox Privacy Broken If Used to Open Web Page File
From: Liu Die Yu <liudieyu.com () gmail com>
Date: Tue, 07 Oct 2008 16:32:09 +0800
Brief from my Twitter:
The effect is exposing any location, incl your browsing history(about:cache etc) 04:54 AM October 05, 2008 from web Workaround: Do not use Firefox to open HTM/HTML - not from RAR package, not from remote Windows share folder, not from local, etc. 04:36 AM October 05, 2008 from web 

Some details from my blog:

* Also works on Firefox 3.0.3
* Also works on Firefox 3.0.2

...
For Firefox, location is wrong when dot URL shortcut is launched by HTML elements. Slightly variant from CVE-2008-2810 which is about command line and only fixed in that perspective. 

...

__________
Complete details and demo are available at http://liudieyu0.blog124.fc2.com/blog-entry-6.html

  By Date           By Thread  

Current thread:
  • Firefox Privacy Broken If Used to Open Web Page File Liu Die Yu (Oct 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]