- Sunday, 22 November 2009
- INQ Mobile
- RSS
Automatic simply means that you can't repair it yourself - Frank Capra
Mozilla warns of leaky Firefox
Monkey needs greasing, status bar barred
Thursday, 24 January 2008, 12:10
A BOG chez Mozzarella says a vulnerability in Firefox's chrome protocol scheme allows directory traversal when a “flat” add-on is present resulting in potential information disclosure.
Users are only at risk if they have one of the “flat” packaged add-ons installed," apparently. Examples of popular add-ons that are vulnerable include: Download Statusbar and Greasemonkey, says the bog posting.
There's more of this unfathomable stuff here. µ
Share this:
Share
Advertisement
Subscribe to the INQ Newsletter
Sign-up for the INQBot weekly newsletter
INQ Whitepapers
Business Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
Jobs
Advertisement
INQ Poll
what an arse the news desk is. seems they forgot to mention a workaround.

# Giorgio Maone Says:
January 23rd, 2008 at 10:46 am

The NoScript extension prevents chrome: URIs from being loaded as scripts in content pages, effectively making this bug unexploitable no matter if the page is trusted or not.
The most important piece of software when browsing the web. Full stop.

Thank you Giorgio Maone!
It's the one that results in me having to kill firefox/thunderbird every so often to reclaim enough memory, page file space and CPU cycles to run other things. 250MB RAM yesterday, with only one instance and 5 tabs (all on a football news site). Been like that for years.