ScanIAm wrote: Of course, I'm sure that on Linux, the site would have never caused a problem. In fact, I'm sure that on Linux, it would have washed my car and mowed my lawn. Cuz linux is so coool.
I'm not 100% sure, but I think that exploit is fixed in FF 1.0.3
And why always MS vs Mac vs Linux vs whatever. Isn't it nice if people find Linux perfect to their use? For example I do things in Linux which I can't do in Windows so Windows is not alternative for me. No, I don't hate Windows.
If people are saying Windows/Linux/etc. sucks, so what?! If you don't like, don't use it.
Well, that is, of course, correct, but you can hardly blame people for turning to attack Beer, when he comes on here with that attitude.
As it goes, about this issue, it is unpatched and will work on Linux as well. It just happens that in this example, it generates a batch file in order to show a proof of concept of remote code execution.
What this bug really shows is the biggest weakness in Firefox - the XPCOM system. To be honest, this is as powerful but as dangerous as ActiveX. In fact, it shares much of the conceptual design of ActiveX.
The point overall is this is not a Windows, Mac or Linux issue. The execution platform is Firefox.
And, as a further aside, the original posted exploit wont work now because of server-side changes made by Mozilla themselves.