This is pretty serious, I just tried out the demo-exploit from http://www.mikx.de/firelinking/ on my hoary firefox and it worked
and successfully created a file in my home directory just by
opening a link.
I think ff 1.0.3 should definitely go into hoary-updates or the
fixes should at least be backported to the 1.0.2 in hoary (but I don't
really see a reason for not updating to 1.0.3, we're not debian stable ;)).
And it's not the only serious hole in 1.0.2, just take a look at
what was fixed in 1.0.3 on http://www.mozilla.org/projects/security/known-vulnerabilities.html
bye,
david