Secunia Advisory: SA25990
Release Date: 2007-07-10
Critical: Less critical
Impact: Spoofing, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: Mozilla Firefox 2.0.x
Description:
Michal Zalewski has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information and conduct spoofing attacks.
The vulnerability is caused by an error in the handling of the "wyciwyg://" URI handler. This can be exploited to access or spoof contents from a previously cached web site, e.g. via HTTP 302 redirects, when a user visits a malicious web page.
The vulnerability is confirmed in version 2.0.0.4. Other versions may also be affected.
Solution:
Do not browse untrusted web sites.
Provided and/or discovered by:
Michal Zalewski
Original Advisory:
http://lcamtuf.coredump.cx/ffcache/
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4


