Firefox “View-Source” Vulnerability
I thought that since most of us use Firefox people might care – apparently the default installation/settings of Firefox’s latest release allow all scripts written on websites to be executed. I don’t know with what privileges the code executes, but presumably whatever privileges Firefox has. Anyway, it can be disabled via the NoScript plugin (Or just don’t select “view-source”? The article’s not very clear on whether the exploited error was merely in the view-source mechanism, or whether the user must in fact click “view-source”). Either way, it’s cool that someone discovered the error in a release only several hours old as of this posting.
The original, very brief blog post reporting this can be found here on slashdot.