Directory Traversal Exploit in Firefox 2.0.0.12

Since I bought my MacBook, I’ve been primarily using Safari, so I haven’t paid as close attention to the recent Firefox vulnerabilities as I should have. I did, however, read about one in the very fresh 2.0.0.12 release (and older). It’s a directory traversal exploit that allows sites to remotely include things that are in Firefox’s program directory. It’s completely trivial to do as well:

http://www.0x000000.com/index.php?i=515

I’m partially posting this because it’s a very simple vulnerability with some interesting impact, but also because I really like 0x000000.com. If you don’t already have it in your feed reader, you need to throw it in there.
