Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability

[ronjor]

Quote:

A vulnerability has been discovered in Mozilla Firefox, which can be exploited by malicious people to gain knowledge of potentially sensitive informatio

Netscape and Mozilla are also affected. A test is at the link.

Secunia

[ronjor]

Flaw found in Firefox

Quote:

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer

More Info

[Kye-U]

If you happen to use Proxomitron, here is a filter that *may* block this vulnerability (I still don't have a clear idea on how this flaw works):

Code:

[Patterns]
Name = "Mozilla: Memory Access Remover [Kye-U]"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))"
Limit = 30
Match = ".replace\(\w,function\($[#1-9]\)"
Replace = ".Shonenscape"

[Marja]

\\\\\\\\\\







Well, that was fun! It felt like half my computer's brain was just left at Secunia! So, Promoxitron is the only workaround right now?

[Marja]

So I disabled javascript and now I can only answer in this little quote box, or is that something else?

[gottadoit]

You might be able to do the same sort of thing with the greasemonkey extension

If you haven't seen it before this extension allows you to make arbitrary changes to webpages dynamically

• useful to fix pages that are slightly broken under Moz/FF
• useful to add in features rather than waiting for the site owners...
• possibly useful in this case to dynamically ferret out unwanted js behaviour

Greasemonkey can be found at http://greasemonkey.mozdev.org/

[Kye-U]

There's a fix out now:

https://bugzilla.mozilla.org/show_bug.cgi?id=288688