Netscape flaw exposes hard drives

Author
Aron Schatz
Posted
May 1, 2002
Views
2073
Tags Software

Page All:

Page 1
An Israeli software firm has discovered a flaw in Netscape and Mozilla software that allows code hidden in a Web page to read files from the user's PC. The bug is a more serious variant of one patched in Microsoft's Internet Explorer in February.

[PAGEBREAK]
According to the report, verified by other developers, XMLHttpRequest doesn't properly check the security settings for some types of data requests in a Web page, allowing them, if properly disguised, to request data from the user's hard drive. The Internet Explorer bug required an attacker to know the name of a file on the user's PC in order to exploit that file, but the Mozilla bug also allows the contents of directories on the local drive to be listed.

GreyMagic Software report

There is no patch for this yet.

Title

Medium Image View Large