InfoWorld
By Robert McMillan, IDG News Service
January 23, 2008
Browser flaw that could give attackers unauthorized access to data on a victim’s machine is a low-severity problem, Mozilla says
Mozilla is working to fix a browser flaw that could give attackers unauthorized access to data on a victim’s machine. The problem is similar to other data leakage flaws found in the open-source browser, according to researcher Gerry Eisenhaur, who first reported the problem on Saturday.
Eisenhaur has posted sample code that reads the contents of a Mozilla Thunderbird preferences file, but he believes that attackers could get access to more information with variations on his attack. “It’s possible to load any JavaScript file on a victim’s machine,” he wrote in his blog posting. “This looks very interesting and may have bigger potential, but for now, it’s just another information disclosure [flaw].”