IE and Firefox cough up hard drive contents
The latest versions of Internet Explorer and Firefox on Windows and (in the case of Firefox) Unix systems are vulnerable to attacks that could reveal the contents of sensitive files residing on a victim's hard drives.
The vulnerability resides in the functionality that allows the browsers to upload files to a remote server. It requires a victim to visit a booby-trapped website and enter text with certain characters in a comment interface or other input field.
At The Register.
[ Read more ]