Sunday, February 10th 2008
Just a few hours after Mozilla promised the public they were safe from hackers while using Firefox 18.104.22.168, a hacker went and found a way around the patch. The hacker, named Ronald van den Heetkamp, has this to say to the Firefox developer team.
Don't patch vulnerabilities for fifty percent, take the time and fix the cause. Because directory traversal through plugins is all nice and such, we don't need it. We can trick Firefox itself in traversing directories back. I found another information leak that is very serious because we are able to read out all preferences set in Firefox, or just open or include about every file stored in the Mozilla program files directory, and this without any mandatory settings or plugins.Ronald van den Heetkamp recommends installing the NoScript add-on, or simply using an alternative browser, until Mozilla fixes this bug.Source: Neowin.net