Fix for Mozilla XMLHttpRequest file disclosure vulnerability

From: Frank Hecker (
Date: 05/03/02

Date: Thu, 02 May 2002 23:58:55 -0400
From: Frank Hecker <>

For those not already aware of this, note that a fix for the
XMLHttpRequest file disclosure vulnerability (Bugtraq id 4628) reported
by GreyMagic Software has been checked into the Mozilla source tree. The
fix is included in new Mozilla 1.0 branch nightly builds dated 2 May
2002 or later available through

and will be included in the upcoming Mozilla 1.0 release and any further
1.0 Release Candidates distributed through For more
information on the fix please see bug report 141061 in the Mozilla
project's public bug database:

On behalf of the Mozilla community we at thank all the
people who participated in discovering, reporting, investigating, and
fixing this bug.

As a reminder, reports of Mozilla-related security vulnerabilities can
be reported via email to, and will be handled in
accordance with the on handling security bugs:


Frank Hecker