Firefox Exploit Leads to Gmail Break-Ins

Dennis Faas's picture

A security loophole in the Mozilla Firefox web browser has been identified, which may make Google user accounts vulnerable to exploitation by potential hackers. Using cross-site scripting protocols, individuals may be able to access private information without the knowledge of their victims.

This vulnerability was first brought to the attention of internet junkies by Petko D. Petkov, a.k.a 'pdp', founder of the GNUCITIZEN group. His investigation led to the discovery of the Firefox exploit, which is not currently detected in rival web browsers. (Source: gnucitizen.org)

The issue arises from the ability of hackers to insert .zip files via document formats from common word processing software, and subsequently upload that file onto a server. Firefox JAR protocol allows this compressed data to be uploaded remotely by unauthorized personnels. The specific vulnerability to Google accounts was discovered by bedford.org's Morgan Lowtech, who elaborated that this technique can be used to gain access and modify user accounts, email, and contact lists.

Shockingly this vulnerability does not come as a surprise to Mozilla's security chief Window Snyder, as it was internally discovered in the company over eight months ago. No explanation has been given as to the absence of a patch to fix this issue, however Snyder assures Firefox users that it will be fixed "very soon". However there are several third party patches available online, including a 'NoScript' add-on for Firefox, which blocks JavaScript from untrusted web sites. (Source: zdnet.com)

This will however limit a user's internet experience, as JavaScript are widely used on an array of websites. An alternative security measure suggested by Petkov is to "use white rather then black listings, i.e. you allow only http: and https: protocols, opposed to you allow all protocols apart from JavaScript." While internet enthusiasts have voiced their concerns as to the delayed response by Mozilla, the impact of this vulnerability to the popularity of the Firefox browser has been negligible. (Source: gnucitizen.org)

Rate this article: 
No votes yet