Mozilla prepares fix for Firefox's flat add-on vulnerability

By on January 31, 2008, 4:39 PM
A Firefox security flaw originally judged to be of low severity has been upgraded to high, but Firefox 2.0.0.12 “which will be available shortly,” according to the Mozilla Security Blog, will include a fix for the problem.

The vulnerability, known formally as the “chrome protocol directory transversal,” concerns the so-called ‘flat’ add-ons that store their components in multiple files instead of using a single .jar file. A flaw in the way the program handles the chrome protocol could allow an attacker to retrieve data from a compromised system.

The vulnerability is not within the browser, according to Mozilla’s chief of security Window Snyder, but in how the extensions are written. You can check out a list of affected extensions at Mozilla’s website while you wait for the next Firefox update.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.