Feb
9
2008
Path Traversal via DOM Injection Vulnerability in Firefox 2.0.0.12
This is obviously no longer an issue. Please see the comments for more information.
As posted on 0×00000, Mozilla Firefox 2.0.0.12 is vulnerable by default to a directory traversal trick, via the view-source mechanism. Although mitigated by the NoScript plug-in, this is quite a serious bug — the default installation is vulnerable from the get-go.
After a slew of point releases and similar vulnerabilities, this comes rather surprisingly — the Firefox team are usually rather thorough in their bug cleansing; hopefully, this will be fixed as promptly as usual.
POC code mirror.