>From the Bugtraq list and on Linux Today:
Reading local files in Netscape 6 and Mozilla (GM#001-NS)
> Demonstration:
> ==============
>
> A fully dynamic proof-of-concept demonstration
> of this issue is available at
> http://security.greymagic.com/adv/gm001-ns/.
As some of you may have noticed, the above proof-of-concept does not work in
Mozilla 1.0 Release Candidate 1.
Don't get your hopes high about this though, the issue has not been fixed in
moz1rc1 - the XMLHttpRequest was simply broken in this version of the
browser for unknown reasons, a fact not mentioned in the release notes. When
trying to use it, either nothing happens or the browser crashes. The
proof-of-concept works just fine in Mozilla 0.9.9 (and NS6.1+), and would
work fine in moz1rc1 if the XMLHttpRequest object could be used at all.
Cheers,
--
Ryurick M. Hristev mailto:[EMAIL PROTECTED]
Computer Systems Manager
University of Canterbury, Physics & Astronomy Dept., New Zealand
