Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim’s computer.
Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.
The attack takes advantage of the way Firefox implements Same Origin Policy (SOP) for the “file://” scheme URI (Uniform Resource Identifiers), which allows any file in a folder on a system to get access to files in the same folder and subfolders.
Since the Same Origin Policy for the file scheme has not been defined clearly in the RFC by IETF, every browser and software have implemented it differently—some treating all files in a folder as the same origin whereas other treat each file as a different origin.
Tawily told The Hacker News that Firefox is the only major browser that didn’t change its insecure implementation of Same Origin Policy (SOP) for File URI Scheme over time and also supports Fetch API over file protocol.
images from Hacker News