CNET también está disponible en español.

Ir a español

Don't show this again


Mozilla fixes Firefox's flat add-on vulnerability

New update for the Firefox browser could be pushed out soon.

The security team at Mozilla has fixed the flat add-on vulnerability acknowledged last week. However, no decision has been made when Firefox will be pushed out to users' desktops.

The vulnerability, known formally as the "chrome protocol directory transversal," occurs when a "flat" add-on is present. In this case, an extension to the browser stores its information within JavaScript files as opposed to JAR files. Window Snyder, Mozilla's chief of security, says the vulnerability is not within the browser, but in how the extensions are written.

An attacker exploiting this flaw may be able to retrieve data or profile a compromised system.

Extensions such as Greasemonkey and Download Statusbar were initially mentioned. However, the current list of affected extensions provided by Mozilla is much longer.