Mozilla Foundation Security Advisory 2008-27

Arbitrary file upload via originalTarget and DOM Range

Announced: July 1, 2008
Reporter: Opera Software
Impact: High
Products: Firefox, SeaMonkey
Fixed in:
  • Firefox 2.0.0.15
  • SeaMonkey 1.1.10

Description

Opera Software reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal files from known locations on a victim's computer.

Firefox 3 is not vulnerable to this attack due to the changed design of the file upload form element.

Workaround

Disable JavaScript until a version containing these fixes can be installed.
