The security expert Barak Tawily demonstrated that opening an HTML file on Firefox could allow attackers to steal files stored on a victim’s computer due to a 17-year-old known bug in the browser.
The researcher published the details of the attack through TheHackerNews website and demonstrated that his technique works against the latest version of Firefox.
“Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.” reported TheHackerNews.
The expert was analyzing the implementation of the Same Origin Policy in Firefox when discovered that it is vulnerable to local files theft attack.
“Recently, I was performing a research on Same Origin Policy attacks, I managed to realize that the la version of Firefox (currently 67) is vulnerable to local files theft attack (on any supported OS), due to improper implementation of Same Origin Policy for file scheme URIs. Let’s go over the PoC details then I will provide an explanation of why its not patched yet.” wrote the expert.
According to Tawily, Firefox didn’t fix the flawed implementation of the Same Origin Policy (SOP) for File URI Scheme over the years.
The expert also shared details of its PoC and a video PoC of the attack. Tawily explained how an attacker can easily steal secret SSH keys of Linux victims if they save downloaded files in the user-directory that includes SSH keys in its subfolder.
file:///home/user/-malicious.html
, and the iframe source will be file:///home/user/
)file:///home/user/
).file:///home/user/
), such as SSH private key by simply fetching the URL file:///home/user/.ssh/ida_rsa
and stealing any file by 1 more fetch request to the attacker’s malicious website with the files’ content.An attacker could successfully carry out the attack by tricking victims into downloading and opening a malicious HTML file on the Firefox web browser and into clicking on a fake button to trigger the exploit.
“Tawily told The Hacker News that all the above-mentioned actions could secretly happen in the background within seconds without the knowledge of victims, as soon as they click the button place carefully on the malicious HTML page.” continues The Hacker News
The expert reported the flaw to Mozilla, but the company seems to have no intention to fix the issue soon.
“Our implementation of the Same Origin Policy allows every file:// URL to get access to files in the same folder and subfolders.” reads the reply from Mozilla.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Same Origin Policy, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.