Firefox Remote SMB Document Local File Disclosure Vulnerability
BID:12533
Info
Firefox Remote SMB Document Local File Disclosure Vulnerability
| Bugtraq ID: | 12533 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 12 2005 12:00AM |
| Updated: | Feb 12 2005 12:00AM |
| Credit: | Announced by Jelmer Kuperus <[email protected]>. |
| Vulnerable: |
Mozilla Firefox 1.0 Mozilla Firefox 0.10.1 Mozilla Firefox 0.10 Mozilla Firefox 0.9.3 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9 rc Mozilla Firefox 0.9 Mozilla Firefox 0.8 Mozilla Firefox Preview Release |
| Not Vulnerable: | |
Discussion
Firefox Remote SMB Document Local File Disclosure Vulnerability
A vulnerability has been published that may allow for attackers to read the contents of attacker-specified files on the client users filesystem. To exploit this vulnerability, the attacker must place a HTML document containing code (the example uses XMLHttpRequest) to read the target file on a remote SMB share. The attacker must then create flash content that will load the remote document via file:// URI. It is likely that only Firefox on Windows systems is affected.
This vulnerability may be related to BID 12466.
A vulnerability has been published that may allow for attackers to read the contents of attacker-specified files on the client users filesystem. To exploit this vulnerability, the attacker must place a HTML document containing code (the example uses XMLHttpRequest) to read the target file on a remote SMB share. The attacker must then create flash content that will load the remote document via file:// URI. It is likely that only Firefox on Windows systems is affected.
This vulnerability may be related to BID 12466.
Exploit / POC
Firefox Remote SMB Document Local File Disclosure Vulnerability
A proof of concept demonstration is described by Jelmer in his post to the Bugtraq mailing list. See the references section.
A proof of concept demonstration is described by Jelmer in his post to the Bugtraq mailing list. See the references section.
Solution / Fix
Firefox Remote SMB Document Local File Disclosure Vulnerability
Solution:
It is reported that this issue may have been addressed in Firefox 1.0.1. This is not confirmed at the moment. Please contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It is reported that this issue may have been addressed in Firefox 1.0.1. This is not confirmed at the moment. Please contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Firefox Remote SMB Document Local File Disclosure Vulnerability
References:
References:
- Fireflashing [Firefox 1.0] ("mikx"
- Re: [Full-Disclosure] Fireflashing [Firefox 1.0] (Jelmer Kuperus