A leading security researcher has discovered a vulnerability in Firefox that could compromise websites and browsers.
“[Firefox has] a design implementation that I believe could lead to a lot of websites and browser extensions being compromised, which could lead to the browser being compromised as well," researcher Petko Petkov told SCMagazineUS.com after revealing the flaw on Gnucitizen's blog.
“Attackers are able to launch cross-site scripting (XSS) attacks from any origin (kind of like universal XSS) or escalate their privileges to chrome (not trivial) by tricking the victim into performing an action, such as clicking on a link,” he said on the blog of Gnucitizen, a penetration-testing organization.
Firefox, unlike the Opera and Safari browsers, "treats data URLs like JavaScript URLs," giving data URLs enhanced privileges that can compromise the browser, he said.
“The problem is that developers are familiar [with] the dangers of JavaScript URLs, therefore they sanitize them (try to escape or remove them from the user input)," he added. "On the other hand, data URLs are taken lightly mainly because, in the past, they were not given the same privileges as JavaScript URLs."
Petkov called the flaw a "medium-risk" vulnerability.
"In some situations, however, this vulnerability could easily escalate to high-risk when combined with other low-risk issues,” he said.
Mozilla is aware of the vulnerability and "deciding what to do with it,” said Petkov, who found the flaw on Firefox version 2.0.0.8, but said it also impacts the just-released version 2.0.0.9. “I don't think that it is in their priority list at the moment. I believe that they might change their minds when someone uses the vector in a attack of a higher magnitude."
Mozilla representatives could not be reached for comment.
“[Firefox has] a design implementation that I believe could lead to a lot of websites and browser extensions being compromised, which could lead to the browser being compromised as well," researcher Petko Petkov told SCMagazineUS.com after revealing the flaw on Gnucitizen's blog.
“Attackers are able to launch cross-site scripting (XSS) attacks from any origin (kind of like universal XSS) or escalate their privileges to chrome (not trivial) by tricking the victim into performing an action, such as clicking on a link,” he said on the blog of Gnucitizen, a penetration-testing organization.
Firefox, unlike the Opera and Safari browsers, "treats data URLs like JavaScript URLs," giving data URLs enhanced privileges that can compromise the browser, he said.
“The problem is that developers are familiar [with] the dangers of JavaScript URLs, therefore they sanitize them (try to escape or remove them from the user input)," he added. "On the other hand, data URLs are taken lightly mainly because, in the past, they were not given the same privileges as JavaScript URLs."
Petkov called the flaw a "medium-risk" vulnerability.
"In some situations, however, this vulnerability could easily escalate to high-risk when combined with other low-risk issues,” he said.
Mozilla is aware of the vulnerability and "deciding what to do with it,” said Petkov, who found the flaw on Firefox version 2.0.0.8, but said it also impacts the just-released version 2.0.0.9. “I don't think that it is in their priority list at the moment. I believe that they might change their minds when someone uses the vector in a attack of a higher magnitude."
Mozilla representatives could not be reached for comment.
