evilXHR Test


evilXHR is the name we gave a vulnerability we found in some versions of the Mozilla Firefox browser. It allows a local HTML file, i.e., one that you have saved in some directory on your computer or mobile device, to steal all files you have stored in the same directory. (For further technical details, see our Security Advisory.)

Test whether your Firefox browser is vulnerable

We provide a test HTML file, evilXHR.html, that attempts to copy the files stored in the same directory as evilXHR.html and to send the copies to our server, where you can inspect them (if the data theft was successful).

To check whether your Mozilla Firefox browser is vulnerable to evilXHR, follow these simple steps:

  1. Create an empty test directory somewhere in your file system (e.g., as a subdirectory of your Downloads folder).
  2. Copy up to 3 test files to the test directory. Please mind the following restrictions: (These restrictions have nothing to do with the evilXHR vulnerability; they are imposed to protect our server.)
  3. Download the file evilXHR.html.
  4. Move evilXHR.html to the newly created test directory.
  5. Open evilXHR.html with your Mozilla Firefox browser.
  6. You will see a warning stating that the file evilXHR.html is "copyright protected" and you will be prompted to open it in "read-only mode". (This is bogus, of course — it just demonstrates how the attack can be rendered more realistic from a social engineering perspective.)
  7. Follow the instruction to click on the corresponding link evilXHR.html in the directory index displayed below. This will actually initiate the data theft attempt.
  8. You will be provided a link to the location on our server where your test files were uploaded — if the data theft was successful. You can view or download your test files in the next 2 to 3 minutes before they are deleted. (Note: No files will be deleted on your computer or mobile device; only the stolen copies will be removed from the server in order to free disk space and for security reasons.)


If your Mozilla Firefox browser is vulnerable to evilXHR, follow these simple precautions:

Dr. Vladimir Bostanov, SySS GmbH