Firefox Local Files Theft - CVE-2019-11730
Recently, I was performing a research on Same Origin Policy attacks, I managed to realize that the la
version of Firefox (currently 67) is vulnerable to local files theft attack (on any supported OS), due to improper implementation of Same Origin Policy for file scheme URIs.
Let’s go over the PoC details then I will provide an explanation of why its not patched yet.