Mozilla Foundation Security Advisory 2009-03
Title: Local file stealing with SessionStore
Impact: High
Announced: February 3, 2009
Reporter: moz_bug_r_a4
Products: Firefox
Fixed in: Firefox 3.0.6
Description
Mozilla security researcher moz_bug_r_a4 reported that
a form input control's type could be changed during the restoration of a
closed tab. An attacker could set an input control's text value to the
path of a local file whose location was known to the attacker. If the tab
was then closed and the victim persuaded to re-open it, upon restoring the
tab the attacker could use this vulnerability to change the input type to
"file". Scripts in the page could then automatically submit
the form and steal the contents of the user's local file.
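
The following is an added example, not Mozilla's SessionStore code or the actual fix: a small model of a form-restore routine that refuses to write saved text into a control whose type is, or has become, "file". Form controls are modelled as plain objects, and every name and sample value in it is hypothetical and constructed.

```javascript
// Illustrative model only; fields are plain objects standing in for form
// controls. Function names, ids and paths are hypothetical/constructed.
function restoreField(saved, field) {
  // Read the live type at write time; never trust a type cached earlier.
  const liveType = String(field.type).toLowerCase();
  if (liveType === "file" || saved.type === "file") return "skipped: file input";
  if (liveType !== saved.type) return "skipped: type changed since save";
  field.value = saved.value;
  // Page script may flip the type while restoration is still running, so
  // re-check after the write and undo it if the control is no longer the same.
  if (String(field.type).toLowerCase() !== saved.type) {
    field.value = "";
    return "reverted: type changed during restore";
  }
  return "restored";
}

function restoreForm(savedEntries, fieldsById) {
  const report = {};
  for (const saved of savedEntries) {
    const field = fieldsById[saved.id];
    report[saved.id] = field ? restoreField(saved, field) : "skipped: no such field";
  }
  return report;
}

function demo() {
  // Constructed session data: what was saved when the tab was closed.
  const saved = [
    { id: "comment", type: "text", value: "hello" },
    { id: "path", type: "text", value: "/constructed/example/path.txt" },
    { id: "late", type: "text", value: "/constructed/example/other.txt" },
  ];
  // "late" models a control whose type flips as soon as a value is written.
  const late = {
    type: "text", _v: "",
    get value() { return this._v; },
    set value(v) { this._v = v; if (v) this.type = "file"; },
  };
  const fields = {
    comment: { type: "text", value: "" },
    path: { type: "file", value: "" }, // already a file input at restore time
    late,
  };
  return { report: restoreForm(saved, fields), fields };
}
```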