Firefox 0day local file reading
By secgeeks - Posted on May 28th, 2007
76
vote
RSnake mentioned a potential way to read security sensitive configuration settings from Firefox on ha.ckers.org, with an example PoC from Sergey Vzloman that used the resource:// URL protocol handler in Firefox. Unfortunately, the settings that were read were the default settings inside the Firefox install directory.
An example resource URL would be resource://gre/greprefs/security-prefs.js which reads the security-prefs.js file from your Firefox install directory, which on Windows could be C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js. Mozilla must have acknowledged the potential for directory traversal here, as they have blocked any attempts at including the string ..\ or ../ inside resource: requests.
BK demonstrated in the thread that Mozilla does not properly sanitize the input properly, and that you can circumvent this restriction by using ..%5C instead of ..\ which means that you can read arbitrary files from the local system by exposing the file contents as readable properties on SCRIPT or CSS tags.
Continue reading here....
Bookmark/Search this post with:
- Add new comment
- Get Our RSS Feeds
- Email this page
- 664 reads
Recent comments
2 weeks 4 days ago
10 weeks 3 days ago
12 weeks 3 days ago
12 weeks 3 days ago
13 weeks 5 days ago
14 weeks 1 day ago
15 weeks 4 days ago
15 weeks 5 days ago
21 weeks 3 days ago
21 weeks 5 days ago