Mozilla fixes Firefox's flat add-on vulnerability

New update for the Firefox browser could be pushed out soon.

The security team at Mozilla has fixed the flat add-on vulnerability acknowledged last week. However, no decision has been made when Firefox 2.0.0.12 will be pushed out to users' desktops.

The vulnerability, known formally as the "chrome protocol directory transversal," occurs when a "flat" add-on is present. In this case, an extension to the browser stores its information within JavaScript files as opposed to JAR files. Window Snyder, Mozilla's chief of security, says the vulnerability is not within the browser, but in how the extensions are written.

An attacker exploiting this flaw may be able to retrieve data or profile a compromised system.

Extensions such as Greasemonkey and Download Statusbar were initially mentioned. However, the current list of affected extensions provided by Mozilla is much longer.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

A second phone from OnePlus is coming this year

Co-Founder Carl Pei start talking about their next phone before the OnePlus 2 is even available. Samsung's Note 5 and S6 Edge Plus renders are leaked, and Google gives out Waffles.

by Brian Tong