Just a few days ago (with the Firefox 18.104.22.168 release), “Directory Traversal Vulnerability” was supposed to be fixed. However, as it’s noted here, by the guy who discovered new security vulnerability, it wasn’t fully fixed. Here’s a quote from his blog:
Because directory traversal through plugins is all nice and such, we don’t need it. We can trick Firefox itself in traversing directories back.
I found another information leak that is very serious because we are able to read out all preferences set in Firefox, or just open or include about every file stored in the Mozilla program files directory, and this without any mandatory settings or plugins.
Check his post here.
As for now, you may want to install NoScript plugin for Firefox till they are fixing this security issue.
News and Reviews about Your Favorite Web Browser. Subscribe to our RSS Feed.
About (Author Profile)
Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.