VULHUB ™

Even though Firefox 1.0.1 patched one of the key bugs behind the firescrolling exploit (the ability of plugins to load chrome files in a hidden frame) the ability to hijack a drag and drop operation and open a privileged xul file is still available.

Even though Firefox 1.0.1 patched one of the key bugs behind the firescrolling exploit (the ability of plugins to load chrome files in a hidden frame) the ability to hijack a drag and drop operation and open a privileged xul file is still available.