Comment 1 for bug 16231

David Klotz (ravenmokel) wrote :

This is pretty serious, I just tried out the demo-exploit from
http://www.mikx.de/firelinking/ on my hoary firefox and it worked
and successfully created a file in my home directory just by
opening a link.
I think ff 1.0.3 should definitely go into hoary-updates or the
fixes should at least be backported to the 1.0.2 in hoary (but I don't
really see a reason for not updating to 1.0.3, we're not Debian stable ;)).
And it's not the only serious hole in 1.0.2, just take a look at
what was fixed in 1.0.3 on
http://www.mozilla.org/projects/security/known-vulnerabilities.html

bye,
david