You are here: Known Vulnerabilities in Mozilla Products (Firefox 220.127.116.11) > MFSA 2007-34
Mozilla Foundation Security Advisory 2007-34
Title: Possible file stealing through sftp protocol
Announced: October 18, 2007
Reporter: Georgi Guninski
Products: Firefox, SeaMonkey
Fixed in: Firefox 18.104.22.168
On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could potentially read any file owned by the victim from known locations on that server.