#1
Duuhhh

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an application security researcher, shared his findings, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.
Tawily told The Hacker News that Firefox is the only major browser that didn't change its insecure implementation of Same Origin Policy (SOP) for File URI Scheme over time and also supports Fetch API over file protocol.


Demo: Firefox Local Files Theft (Unpatched)

[Video: https://youtu.be/XU223hfXUVY]

Firefox is not going to patch it anytime soon

The researcher responsibly reported his new findings to Mozilla, who responded by saying "Our implementation of the Same Origin Policy allows every file:// URL to get access to files in the same folder and subfolders."
This suggests that the company currently seems to have no plans to fix this issue in its browser anytime soon.
In 2015, researchers discovered a similar, but remotely executable, vulnerability in the same-origin policy for Firefox that attackers exploited in the wild to steal files stored on Firefox users' computers when they clicked malicious ads on websites.




Looks like I won't be going to Firefox anytime soon, even though the browser customization in terms of privacy is far superior to any browser out there now.


Source: https://thehackernews.com/2019/07/firefo...cking.html
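
The rule quoted from Mozilla in the article ("every file:// URL" can reach "files in the same folder and subfolders") can be modelled to see what a locally opened HTML file would have in reach. This is an added example, not code from the article, the researcher or Mozilla; the function names and all paths are constructed for illustration, and the check is purely lexical (symlinks are not modelled).

```javascript
// Added example: a lexical model of the file:// rule quoted from Mozilla.
// All paths are constructed samples; symlinks are not modelled.

// Folder of a file: URL, with a trailing "/" so that "Downloads" does not
// also match a sibling folder such as "Downloads-old".
function folderOf(url) {
  return url.pathname.slice(0, url.pathname.lastIndexOf("/") + 1);
}

// True when a page loaded from docHref may read targetRef under the quoted
// rule: the target sits in the page's own folder or one of its subfolders.
function sameFolderRuleAllows(docHref, targetRef) {
  const doc = new URL(docHref);
  const target = new URL(targetRef, doc); // resolves relative refs and ".."
  if (doc.protocol !== "file:" || target.protocol !== "file:") return false;
  return target.pathname.startsWith(folderOf(doc));
}

// Which of the given absolute paths a page opened from docHref could read.
function exposedFiles(docHref, absolutePaths) {
  return absolutePaths.filter((p) => sameFolderRuleAllows(docHref, "file://" + p));
}

// Constructed sample file system listing.
const SAMPLE_FILES = [
  "/home/alice/Downloads/notes.txt",
  "/home/alice/Downloads/taxes/2018.pdf",
  "/home/alice/Downloads-old/cv.docx",
  "/home/alice/.ssh/id_rsa",
  "/etc/passwd",
];

// The same attachment opened from three different locations.
for (const doc of [
  "file:///home/alice/Downloads/invoice.html",
  "file:///home/alice/invoice.html",
  "file:///home/alice/quarantine/invoice.html",
]) {
  console.log(doc, "->", exposedFiles(doc, SAMPLE_FILES));
}
```

Under this rule the folder an attachment is opened from decides the exposure: saved into a home directory it reaches everything below it, while an otherwise empty folder leaves it nothing to read.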