Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions

if the exception raises in some extension in the user profile and the page can catch path to the user profile and so a remote attacker will know the user login PoC: https://bugzilla.mozilla.org/attachment.cgi?id=164547

Re: dotproject <= 2.0.1 remote code execution

"With register_globals turned off none of these attacks are possible." So is there going to be a update to fix the insecure code or is your fix going to remain as so: (register globals must be off to run dotproject) /str0ke On 2/15/06, Adam Donnison <[EMAIL PROTECTED]> wrote: > I responded to t