Archive for January 23rd, 2008

It happened in the past and it's happening again: a new directory traversal vulnerability with potential for private data exposure has been publicly disclosed and confirmed by Mozilla, but NoScript users have been protected since August 2007.

NoScript prevents all chrome: URIs from being loaded as scripts in web content, effectively neutralizing this bug (and a bunch of related ones), no matter if the attacker site is "trusted" (i.e. allowed to executed JavaScript) or not.

Security bugs may live ten days only...
A NoScript fix is forever :)

Bad Behavior has blocked 927 access attempts in the last 7 days.