UPDATE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
From: GreyMagic Software (security@GREYMAGIC.COM)Date: 05/01/02
- Previous message: Sam Greenfield: "Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 1 May 2002 11:09:55 +0200 From: GreyMagic Software <security@GREYMAGIC.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Hello,
A bit after we released the advisory we received two emails, which notified
us that through testing in our demonstration, they found out that this bug
can also be used to list files in folders.
That alone, makes this bug far more volatile than the one patched by
MS02-008. It is possible to recursively build a tree of the victim's file
system, along with size, date and the content of files.
This vulnerability opens the entire file system up for reading (as long as
the browser user has access).
We added a "Mozilla Disk Explorer" demonstration to our advisory, which lets
you browse through your local disk, entering folders and reading files with
a simple click. Everything you see in this demonstration could be easily
transferred to an attacking server, logging your file system structure and
contents.
You can view it at http://sec.greymagic.com/adv/gm001-ns/mozexplorer.html
Thanks to "loon" and Gerd Zemella for letting us know.
On a different note, this issue has been fixed by the Mozilla crew, thanks
for the quick patch.
- GMS
- Previous message: Sam Greenfield: "Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
