An attacker can use this vulnerability to collect session information, including session cookies and session history. Firefox is not vulnerable by default. Only users that have installed "flat" packed add-ons are at risk. Discussion about "flat" packaged add-ons is here. A partial list of "flat" packed add-ons is available here. If you are an author of any of these add-ons, please release an update to your add-on that uses .jar packaging.
This bug is tracking the additional information: https://bugzilla.mozilla.org/show_bug.cgi?id=413451
Based on this new information, Mozilla has changed the security severity rating to high. A fix is included in Firefox 2.0.0.12, which will be available shortly.