This is obviously no longer an issue. Please see the comments for more information.
As posted on 0x00000, Mozilla Firefox 2.0.0.12 is vulnerable by default to a directory traversal trick, via the view-source mechanism. Although mitigated by the NoScript plug-in, this is quite a serious bug — the default installation is vulnerable from the get-go.
After a slew of point releases and similar vulnerabilities, this comes as something of a surprise — the Firefox team are usually rather thorough in their bug cleansing; hopefully, this will be fixed as promptly as usual.
POC code mirror.













8 responses so far ↓
3 she // Feb 10, 2008 at 2:08 am
Maybe it would help to expose such simple bugs faster if the build system would be more streamlined with other systems.
Modular xorg managed to completely modularize its build system, firefox instead insists on annoying a user to build a .mozconfig file …
4 Dan // Feb 10, 2008 at 5:44 pm
Well, that's what happens if you rush your launch date.
Let us hope that they release FF 3 soon. I can’t wait for it.
5 Asa Dotzler // Feb 10, 2008 at 7:19 pm
It’s not a bug.
http://shaver.off.net/diary/2008/02/10/view-sourceresource-vulnerability-does-not-expose-personal-information/
6 jesse anderson // Feb 11, 2008 at 3:26 pm
Why why should there be a better way, well I think it good but with a few bugs
7 OneGyT // Feb 13, 2008 at 4:47 pm
I couldn’t control my smile when I came to the line about NoScript mitigating it.