I thought that since most of us use Firefox people might care – apparently the default installation\/settings of Firefox’s latest release allow all scripts written on websites to be executed.\u00a0 I don’t know with what privileges the code executes, but presumably whatever privileges Firefox has. Anyway, it can be disabled via the NoScript plugin (Or just don’t select “view-source”? The article’s not very clear on whether the exploited error was merely in the view-source mechanism, or whether the user must in fact click “view-source”).\u00a0 Either way, it’s cool that someone discovered the error in a release only several hours old as of this posting.<\/p>\n
The original, very brief blog post reporting this can be found here<\/a> on slashdot.<\/p>\n","protected":false},"excerpt":{"rendered":" I thought that since most of us use Firefox people might care – apparently the default installation\/settings of Firefox’s latest release allow all scripts written on websites to be executed.\u00a0 I don’t know with what privileges the code executes, but … Continue reading