Fix for Mozilla XMLHttpRequest file disclosure vulnerability

From: Frank Hecker (hecker@mozilla.org)
Date: 05/03/02


Date: Thu, 02 May 2002 23:58:55 -0400
From: Frank Hecker <hecker@mozilla.org>
To: bugtraq@securityfocus.com

For those not already aware of this, note that a fix for the
XMLHttpRequest file disclosure vulnerability (Bugtraq id 4628) reported
by GreyMagic Software has been checked into the Mozilla source tree. The
fix is included in new Mozilla 1.0 branch nightly builds dated 2 May
2002 or later available through mozilla.org:

http://ftp.mozilla.org/pub/mozilla/nightly/latest-1.0.0/

and will be included in the upcoming Mozilla 1.0 release and any further
1.0 Release Candidates distributed through mozilla.org. For more
information on the fix please see bug report 141061 in the Mozilla
project's public bug database:

http://bugzilla.mozilla.org/show_bug.cgi?id=141061

On behalf of the Mozilla community we at mozilla.org thank all the
people who participated in discovering, reporting, investigating, and
fixing this bug.

As a reminder, reports of Mozilla-related security vulnerabilities can
be reported via email to security@mozilla.org, and will be handled in
accordance with the mozilla.org on handling security bugs:

http://www.mozilla.org/projects/security/security-bugs-policy.html

Frank

-- 
Frank Hecker
hecker@mozilla.org