Two new vulnerabilities were discovered in Firefox

Security vendor SecuriTeam has announced two new vulnerabilities in its Mozilla Firefox browser, which could allow hackers to save files to their computers to trigger an attack.

The first vulnerability lies in Firefox's pop-up lock feature. Normally, Firefox does not allow websites to access locally stored files; however, this test feature cannot work if Firefox users arbitrarily turn off the browser's pop-up lock feature. As a result, an attacker can use this vulnerability to steal files stored on the hard drive and personal information stored in it.

The context of the vulnerability is described as follows: the attacker will entice the user to click on a malicious link with the original file connected to the exploit code on the victim's computer hard drive. Then, there will be a notification window asking users whether to allow the pop-up window to appear to view the video file or download the file. Then the file provided by hackers will be downloaded to the computer by the browser vulnerability, and allows hackers to gain the right to read files locally on the victim computer.

SecuriTeam said the first flaw only affects older versions of Firefox (except for the latest version of Firefox 2.0).

As for the second flaw, SecuriTeam believes it relates to Firefox's anti-phishing features. With this vulnerability, a phisher can trick the browser into believing that a fake site has been secured by inserting special characters into the website URL. The identified vulnerability affects older versions of Firefox.

Currently Mozilla does not have any comment on the above information.