Linked by Thom Holwerda on Tue 27th Feb 2007 16:40 UTC, submitted by flanque
Privacy, Security, Encryption

Internet Explorer 7 and Firefox 2.0 share a logic flaw. The issue is actually more severe, as the two versions of the Microsoft and Mozilla browsers are not the only ones affected. In this regard, the vulnerability impacts Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 7 but also Firefox 1.5.0.9. Microsoft has stressed the fact that IE7 on Windows Vista is not affected in any manner.
MS said it doesn't work on Vista...
by Nico57 on Tue 27th Feb 2007 21:18 UTC
Nico57 Member since:
2006-12-18

Yeah, sure, since Vista doesn't have a boot.ini it's not affected. ;)

umccullough Member since:
2006-01-26

Good point - in fact I believe I read that this problem exists on Firefox on Linux as well - allowing the upload of a file that the user has access to (i.e. /etc/passwd if the user is root) - would be interesting to see the same exploit written for that scenario ;)

update: oh, someone did
http://www.thanhngan.org/fflinuxversion.html

Edited 2007-02-27 21:30

Score: 2

dylansmrjones Member since:
2005-10-02

Doesn't work too well. One has to write very very slowly for the example to work. But it does illustrate it, though.

Score: 2

deathshadow Member since:
2005-07-12

>> Yeah, sure, since Vista doesn't have a boot.ini
>> it's not affected. ;)

The example doesn't work - the technique itself DOES. Theoretically you could pull any file, so long as you were able to get the user to type in ALL the characters in the filename in the order you want them... Which is why embedding this into a blog, forums or any other large text entry box could be an easy way to gather information...

The above paragraph for example, could (in theory) be used to pull info.txt from the current default browser upload directory (notice the bits in italic)

Would be interesting to see if it could be exploited by making it look like some kind of captcha.

Edited 2007-02-28 01:49

Score: 0

Nico57 Member since:
2006-12-18

:D <- This is a smiley, Mr. "I know better" Deathshadow. It's supposed to express a humorous meaning. Since Vista not having a boot.ini is no fun at all, there must be a catch... ;)

Score: 1