Opening an HTML file locally in your browser was never a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim’s computer.
Barak Tawily, a security researcher, shared his findings with Hack Hex: he successfully developed a new proof-of-concept (PoC) attack against the latest version of Firefox by using a 17-year-old known issue in the browser.
The attack takes advantage of the way Firefox implements the Same Origin Policy (SOP) for “file://” scheme URIs (Uniform Resource Identifiers), which allows any file in a folder on a system to get access to files in the same folder and subfolders.
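The folder rule described above, modelled as an added example (this is not Firefox's code and not the researcher's PoC; the function names are hypothetical and the paths are constructed). It lists which local files a document opened from a given location could reach under that rule, next to a stricter rule where every local file is its own origin.

```javascript
// Added example: a model of the folder rule described above, not Firefox source.
// All function names are hypothetical and all paths are constructed samples.

// Parse a file: URL. WHATWG URL parsing also collapses "." and ".." segments.
function parseFileUrl(value) {
  const u = new URL(value);
  if (u.protocol !== "file:") throw new TypeError("not a file: URL: " + value);
  return u;
}

// Folder part of the document's path, always ending in "/".
function folderOf(docUrl) {
  const path = parseFileUrl(docUrl).pathname;
  return path.slice(0, path.lastIndexOf("/") + 1);
}

// Folder rule: the target is reachable when it sits in the document's folder
// or any subfolder. Matching on the folder with its trailing slash keeps
// /Downloads2/ from being treated as part of /Downloads/.
function reachableUnderFolderRule(docUrl, targetUrl) {
  const doc = parseFileUrl(docUrl);
  const target = parseFileUrl(targetUrl);
  return doc.host === target.host && target.pathname.startsWith(folderOf(docUrl));
}

// Stricter comparison point: every local file is its own origin.
function reachableUnderUniqueOriginRule(docUrl, targetUrl) {
  return parseFileUrl(docUrl).href === parseFileUrl(targetUrl).href;
}

// Files from `candidates` that a document opened at docUrl could reach.
function exposedFiles(docUrl, candidates, rule = reachableUnderFolderRule) {
  return candidates.filter((c) => c !== docUrl && rule(docUrl, c));
}

const SAMPLE_FILES = [
  "file:///home/alice/Downloads/taxes.pdf",
  "file:///home/alice/Downloads/work/keys/backup.txt",
  "file:///home/alice/Downloads2/notes.txt",
  "file:///home/alice/Downloads/../.ssh/config", // resolves outside Downloads
];

console.log(exposedFiles("file:///home/alice/Downloads/invoice.html", SAMPLE_FILES));
console.log(exposedFiles("file:///home/alice/quarantine/invoice.html", SAMPLE_FILES));
```

In this model, the same document opened from a folder that holds nothing else reaches no other files.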
Though the weakness in Firefox has already been discussed on the Internet in previous years, this is the first time someone has come up with a complete PoC attack that puts the security and privacy of millions of Firefox users at risk.
For a successful execution of this attack, attackers are required to trick victims into downloading and opening a malicious HTML file in the Firefox web browser and clicking on a fake button to trigger the exploit.
The researcher responsibly reported his new findings to Mozilla, who responded by saying “Our implementation of the Same Origin Policy allows every file:// URL to get access to files in the same folder and subfolders.”
While talking about an alternative approach to fix this issue, Tawily said, “Security-wise I think this should be addressed in RFC side, that should enforce user-agents (browsers) to implement the most secure approach, and don’t allow developers make such mistakes that leave the client exposed to such attacks.”