Author Topic: Protection from the recent Fixed Firefox Flaw. Sites accessing file system.  (Read 35791 times)

Offline warwagon

  • Newbie
  • *
  • Posts: 8
  • Kudos +0/-0
The recent Firefox 39.0.3 fixed a vulnerability where an ad from a Russian site without the user knowing, was able to bypass the same origin policy, and access the file system on a users machine, searching for certain file extensions and uploading them without the user knowing.

Would it be possible for secureaplus, (maybe via a browser plugin) to block access to the users file system, and be able to enable it on a per site basis. For instance, when you go to Facebook and click the browse button for the first time to upload a photo, secureaplus would appear and say "would you like to allow this website access to the hard drive".

Just a thought.

Thanks!
« Last Edit: August 15, 2015, 10:39:04 PM by warwagon »

Offline hendy

  • SecureAPlus Developer
  • Sr. Member
  • *****
  • Posts: 351
  • Kudos +16/-0
SecureAge has another product line that does that kind of protection. It is called SecureData. It is basically an encryption software, that automatically encrypt files. It has a feature which is called Application Binding. You can set certain file type to be bound to certain process. For example if you bind .jpg files to Microsoft Photo Viewer, SecureData will only decrypt .jpg files for Microsoft Photo Viewer. For other processes, you can configure SecureData to either block the reading, or let it reads the encrypted content of the files.
« Last Edit: August 17, 2015, 09:39:42 AM by hendy »