From the “weird and wacky ways browser can be exploited” files:
As I noted last week Firefox 3.0.4 is out now (technically late yesterday) fixing at least 9 security fixes four of which are labeled as “critical”.
There are (as usual) some flawa that I consider to be really interesting – in that they are attack vectors that I just haven’t heard off or seen before. One of them is a Cross Site Scripting (XSS) and JavaScript privilege escalation via a Firefox browser session restore.
I love the Session Restore feature as I’m the kind of user that always has 10+ tabs open all the time. To think that it could be used as a vehicle to exploit me is “interesting” to say the least. According to Mozilla, as a result of that flaw potentially, “any otherwise unexploitable crash can be used to force the user into the session restore state.”
Mozilla also provides a fix for a flaw that could have enabled an attacker to steal user information from local shortcut files. Shortcut files?! Really? Mozilla only labels this flaw as “moderate” since they view it as being a little complex to execute. The way the attack would work is that .url shortcut files could potentially be used to read local cache information if the user downloaded both an HTML file and a .url shortcut.
As part of the update Mozilla is also updating Firefox 2.x to 2.0.0.19 though it’s clear that the Firefox 2.x’s days are numbered. With Firefox 3.1 around the corner (the Beta 2 release is likely next week now with a test day scheduled for Friday), it will soon be time for Firefox 3.x users to upgrade too.