The security expert Barak Tawily demonstrated that opening an HTML file on Firefox could allow attackers to steal files stored on a victim’s computer due to a 17-year-old known bug in the browser.
The researcher published the details of the attack through TheHackerNews website and demonstrated that his technique works against the latest version of Firefox.
“Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.” reported TheHackerNews.
“Recently, I was performing a research on Same Origin Policy attacks, I managed to realize that the la version of Firefox (currently 67) is vulnerable to local
According to Tawily, Firefox didn’t fix the flawed implementation of the Same Origin Policy (SOP) for File URI Scheme over the years.
The expert also shared details of its PoC and a video PoC of the attack. Tawily explained how an attacker can easily steal secret SSH keys of Linux victims if they save downloaded files in the user-directory that includes SSH keys in its subfolder.
file:///home/user/-malicious.html, and the iframe source will be
file:///home/user/), such as SSH private key by simply fetching the URL
file:///home/user/.ssh/ida_rsaand stealing any file by 1 more fetch request to the attacker’s malicious website with the files’ content.
An attacker could successfully carry out the attack by tricking victims into downloading and opening a malicious HTML file on the Firefox web browser and into clicking on a fake button to trigger the exploit.
“Tawily told The Hacker News that all the above-mentioned actions could secretly happen in the background within seconds without the knowledge of victims, as soon as they click the button place carefully on the malicious HTML page.” continues The Hacker News
The expert reported the flaw to Mozilla, but the company seems to have no intention to fix the issue soon.
“Our implementation of the Same Origin Policy allows every file:// URL to get access to files in the same folder and subfolders.” reads the reply from Mozilla.