Two More Firefox Vulnerabilities Disclosed
February 8: According to foreign media reports, two more vulnerabilities have been disclosed in Firefox, affecting not only earlier versions but even the current 2.0.0.1 release.
A security company has reported two new flaws in the Mozilla Firefox browser that may leave locally saved files vulnerable to outside attacks.
Both flaws were announced by SecuriTeam, a division of Beyond Security, this week. The first flaw lies in Firefox’s pop-up blocker feature, according to a SecuriTeam statement on Monday. The browser typically does not allow Web sites to access files that are stored locally, according to the official report, but this URL permission check is superseded when a Firefox user has turned off pop-up windows manually. As a result, an attacker could use this flaw to steal locally stored files and personal information that might be stored in them.
A possible scenario for such an attack would involve the user clicking on a malicious link that would furtively plant a target file containing exploit code on the computer’s hard drive. Then it would display a prompt asking the user to allow a pop-up to appear in order to play a video file or download. The attacker-supplied file would then be loaded thanks to the browser flaw, which could give the attacker local file read privileges.
It appears that this flaw may only apply to older versions of Firefox, prior to the current 2.0 release, but Beyond Security was unavailable for comment on the matter.
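The second flaw, announced by SecuriTeam on Wednesday, relates to Firefox's phishing protection feature. Using this vulnerability, a skilled phisher could fool the browser into believing that a fraudulent site is actually safe by adding special characters to the site's URL.
The phishing flaw appears to apply to the current 2.0.0.1 version of Firefox.
Mozilla has not yet given a clear response on the matter.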