Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vulnerability In Firefox Popup Blocker

Posted by kdawson on from the all-your-files dept.

cj writes in with news of a vulnerability in Firefox's stock popup blocker discovered by Michal Zalewski. The vulnerability can allow a malicious user to read files from an affected system. The attacker would "need to plant a predictably named file with exploit code on the target system. This sounds hard, but isn't," according to the article.

6 of 100 comments (clear)

  1. Re:Right... by pairo · · Score: 5, Funny

    That was quite possibly the most ignorant statement I have read on slashdot recently.
    You don't really read much of Slashdot, do you?
  2. Re:Anyone knows if the 2.x tree is vulnerable too? by Baron+Eekman · · Score: 2, Funny

    "proof of concept" that is; I should go to bed

  3. Re:Windows only? by codepunk · · Score: 4, Funny

    You have to chmod 777 every file in the root and home file systems, log in as root, open a port for ssh, disable ip tables and or ipchains and post the user name (root of course), password and ip to a irc channel, turn off pop up blocking...yep see it effects linux also.

    That is the lamest vulnerability post I have seen in a long time...really stretching here are we not?

    --


    Got Code?
  4. Re:Right... by iggymanz · · Score: 2, Funny

    he meant by a non-author/non-editor

  5. Re:Windows only? by bl8n8r · · Score: 2, Funny

    Crap... where's the undo button for Xchat?

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  6. Re:Anyone knows if the 2.x tree is vulnerable too? by Anonymous Coward · · Score: 3, Funny

    Bullshit.