Mozilla Prepping Firefox Chrome Fix
David Utter Staff Writer
2008-01-30
Though Firefox users would only be vulnerable if a chrome package is flat, rather than contained in a jar, Mozilla plans a quick fix.
Until Firefox 2.0.0.12 starts hitting clients running automatic updates for the browser, Window Snyder, Firefox chief security officer, urged Add-On authors who use flat packaging for their work to switch to jar packaging.
The chrome protocol directory traversal originally received a rating of Low from the Firefox security group; Snyder's post said the rating has been pushed to High.
"An attacker can use this vulnerability to collect session information, including session cookies and session history. Firefox is not vulnerable by default," said Snyder.
A partial list of add-ons impacted by the issue included Greasemonkey (greasemonkey-0.6.8.20070314.0-firefox) and Google Reader (google_reader_notifier-0.21-fx). One commenter on Snyder's first post said the NoScript extension prevents chrome URIs from being loaded as scripts in content pages.
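To tell whether an installed add-on uses the flat packaging described above, its chrome.manifest can be checked for package registrations that do not point into a jar. This is an added example, not code from Mozilla or from the article; it assumes the usual chrome.manifest instruction syntax (content, locale, skin), and the add-on names and manifest text are constructed.

```python
# Added example: report chrome packages that an extension registers from a
# flat directory instead of a jar archive. Manifest text below is constructed.

# Position of the location URI for each package-registering instruction
# (assumed chrome.manifest syntax: "content pkg uri", "locale pkg name uri").
URI_INDEX = {"content": 2, "locale": 3, "skin": 3}


def flat_registrations(manifest_text):
    """Return (line_no, kind, package, uri) for every flat chrome registration."""
    findings = []
    for line_no, raw in enumerate(manifest_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        kind = fields[0]
        idx = URI_INDEX.get(kind)
        if idx is None or len(fields) <= idx:
            continue  # overlay/style/etc., or a malformed line
        uri = fields[idx]
        if not uri.lower().startswith("jar:"):
            findings.append((line_no, kind, fields[1], uri))
    return findings


# Constructed sample: one flat-packaged add-on, one jar-packaged add-on.
FLAT_MANIFEST = """\
# hypothetical add-on "exampleflat"
content exampleflat chrome/content/
locale  exampleflat en-US chrome/locale/en-US/
skin    exampleflat classic/1.0 jar:chrome/exampleflat.jar!/skin/
overlay chrome://browser/content/browser.xul chrome://exampleflat/content/overlay.xul
"""

JAR_MANIFEST = """\
content examplejar jar:chrome/examplejar.jar!/content/
locale  examplejar en-US jar:chrome/examplejar.jar!/locale/en-US/
"""

if __name__ == "__main__":
    for name, text in (("exampleflat", FLAT_MANIFEST), ("examplejar", JAR_MANIFEST)):
        hits = flat_registrations(text)
        print(name, "FLAT" if hits else "jar-only")
        for line_no, kind, package, uri in hits:
            print(f"  line {line_no}: {kind} {package} -> {uri}")
```

An add-on that produces any finding is a candidate for repackaging into a jar, as Snyder urged, until the fixed browser version is installed.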
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.