Hey folks, there is a new vulnerability in Firefox that Secunia has an advisory on. This one is remotely exploitable, and there is currently no patch for it. That should be rectified in short order by the Mozilla folks.
Description:
Charles McAuley has reported a vulnerability in Firefox, which can be exploited by malicious people to trick users into disclosing sensitive information.
The vulnerability is caused due to a design error where a script can cancel certain keystroke events when entering text. This can be exploited to trick a user into typing a filename in a file upload input field by changing focus and canceling the “OnKeyPress” JavaScript event on certain characters.
Successful exploitation allows an arbitrary file on the user’s system to be uploaded to a malicious web site, but requires that the user types a text containing the characters of the filename.
The vulnerability has been confirmed in version 1.5.0.4. Other versions may also be affected.
The current workaround is to disable JavaScript.