The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.
Weakness
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 51.0 (excluding) |
| Firefox | Ubuntu | precise | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | xenial | * |
| Firefox | Ubuntu | yakkety | * |
| Firefox | Ubuntu | zesty | * |
Potential Mitigations
Related Attack Patterns
References
- http://www.securityfocus.com/bid/95763
- http://www.securitytracker.com/id/1037693
- https://bugzilla.mozilla.org/show_bug.cgi?id=1295023
- https://www.mozilla.org/security/advisories/mfsa2017-01/
- http://www.securityfocus.com/bid/95763
- http://www.securitytracker.com/id/1037693
- https://bugzilla.mozilla.org/show_bug.cgi?id=1295023
- https://www.mozilla.org/security/advisories/mfsa2017-01/