You are here: Known Vulnerabilities in Mozilla Products (Firefox 2.0.0.8) > MFSA 2007-34

Mozilla Foundation Security Advisory 2007-34

Title: Possible file stealing through sftp protocol
Impact: Moderate
Announced: October 18, 2007
Reporter: Georgi Guninski
Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.8
  SeaMonkey 1.1.5

Description

On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could potentially read any file owned by the victim from known locations on that server.

References