Mozilla Foundation Security Advisory 2008-27
Title: Arbitrary file upload via originalTarget and DOM Range
Impact: High
Announced: July 1, 2008
Reporter: Claudio Santambrogio
Products: Firefox, SeaMonkey
Fixed in: Firefox 2.0.0.15
SeaMonkey 1.1.10
Description
Opera developer Claudio Santambrogio reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal files from known locations on a victim's computer.
Firefox 3 is not vulnerable to this attack due to the changed design of the file upload form element.
Workaround
Disable JavaScript until a version containing these fixes can be installed.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=423541
* CVE-2008-2805