VULHUB ™

A vulnerability has been published that may allow for attackers to read the contents of attacker-specified files on the client users filesystem. To exploit this vulnerability, the attacker must place a HTML document containing code (the example uses XMLHttpRequest) to read the target file on a remote SMB share. The attacker must then create flash content that will load the remote document via file:// URI. It is likely that only Firefox on Windows systems is affected. This vulnerability may be related to BID 12466.

A vulnerability has been published that may allow for attackers to read the contents of attacker-specified files on the client users filesystem. To exploit this vulnerability, the attacker must place a HTML document containing code (the example uses XMLHttpRequest) to read the target file on a remote SMB share. The attacker must then create flash content that will load the remote document via file:// URI. It is likely that only Firefox on Windows systems is affected. This vulnerability may be related to BID 12466.