Firefox, Opera Flaw Could Transfer User’s Web Content Elsewhere
A flaw in the way Firefox and Opera handle BMP files has been detected. A BMP file can be created that uses the flaw to leak information, according to the computer science researcher at vexillium.org.
The flaw affects Firefox 184.108.40.206 and earlier versions of the browser, as well as the beta version of Opera 9.50. Triggering the flaw might crash Firefox 220.127.116.11 because of a heap boundary error, which means the browser can be crashed from a remote location.
According to Vexillium computer science researcher Gynvael Coldwind, the biggest problem for both browsers, Firefox and Opera, is how they handle a bitmap or '.BMP' image file, as reported by Macworld on February 18, 2008.
The vulnerability in BMP handling is also present in other browsers such as Apple Safari. In that browser, however, there is no way of obtaining the image content, so it does not pose much of a threat. Interestingly, Apple Safari suffers from a similar fault with some GIF files.
An attacker who creates a crafted bitmap file could also pull data from the browser's memory. In some instances the captured information could be random, while in others it could be valuable. The harvested information could be of different kinds, such as content from other sites, users' stored favorites and history, or other data.
The flaw, which is moderately severe, also involves controls on file inputs, creating a way to upload arbitrary files, assuming attackers know the entire path and the file name.
In related news, Opera has objected to Mozilla's handling of the disclosure of the vulnerability, which affects both companies' browsers. Mozilla patched this vulnerability, along with other more severe flaws, in Firefox 18.104.22.168 on February 7, 2008.
» SPAMfighter News - 25-02-2008