A previously reported directory traversal vulnerability in Firefox which was rated as Low Severity has been upgraded to “Hig Severity”, but fix is on the way.

The issue is about the so-called ‘flat’ add-ons that store their components in multiple files instead of using a single .jar file. A flaw in the way the program handles the chrome protocol means a maliciously crafted web page is able to traverse directories in order to read data from known locations.

The problem will be resolved when Firefox 2.0.0.12 (which will be available shortly, according to the Mozilla Security Blog) becomes available.

Popularity: 4% [?]

Rate this:
2.5