For those not already aware of this, note that a fix for the XMLHttpRequest file disclosure vulnerability (Bugtraq id 4628) reported by GreyMagic Software has been checked into the Mozilla source tree. The fix is included in new Mozilla 1.0 branch nightly builds dated 2 May 2002 or later available through mozilla.org:
http://ftp.mozilla.org/pub/mozilla/nightly/latest-1.0.0/ and will be included in the upcoming Mozilla 1.0 release and any further 1.0 Release Candidates distributed through mozilla.org. For more information on the fix please see bug report 141061 in the Mozilla project's public bug database: http://bugzilla.mozilla.org/show_bug.cgi?id=141061 On behalf of the Mozilla community we at mozilla.org thank all the people who participated in discovering, reporting, investigating, and fixing this bug. As a reminder, reports of Mozilla-related security vulnerabilities can be reported via email to [EMAIL PROTECTED], and will be handled in accordance with the mozilla.org on handling security bugs: http://www.mozilla.org/projects/security/security-bugs-policy.html Frank -- Frank Hecker [EMAIL PROTECTED]