A Firefox security flaw originally judged to be of low severity has been upgraded to high, but Firefox 18.104.22.168, “which will be available shortly,” according to the Mozilla Security Blog, will include a fix for the problem.
The vulnerability, known formally as the “chrome protocol directory traversal,” concerns so-called ‘flat’ add-ons, which store their components in multiple files instead of using a single .jar file. A flaw in the way the program handles the chrome protocol could allow an attacker to retrieve data from a compromised system.
The vulnerability is not within the browser, according to Mozilla’s chief of security Window Snyder, but in how the extensions are written. You can check out a list of affected extensions at Mozilla’s website while you wait for the next Firefox update.