Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions
From: milw0rm@xxxxxxxxx
Date: 21 May 2006 13:20:48 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

if the exception raises in some extension in the user profile and the page can 
catch path to the user profile and so a remote attacker will know the user login

PoC: https://bugzilla.mozilla.org/attachment.cgi?id=164547

Prev by Date: PHP Easy Galerie Index.PHP Remote File Include Vulnerability
Next by Date: XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit
Previous by thread: PHP Easy Galerie Index.PHP Remote File Include Vulnerability
Next by thread: XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit
Index(es):
- Date
- Thread