Version: 2008

Comments on: Mozilla confirms low-risk Firefox flaw

A directory reversal within "flat" extensions could lead to system profile attacks.

Download Statusbar updated
by pcabellor January 23, 2008 1:01 PM PST
At least the Download Statusbar extension has been updated (0.9.5.3) and repackaged as a .jar file, so it should no longer be affected. To update, users should
Download Status Bar
by Tergon January 23, 2008 1:08 PM PST
Hurray for Open Source and Community Development. At least one JS Add-on has been updated. Go to add-ons and update your add-ons.

See below for the comment from the Download Statusbar developer:

"Comment #5 Devon Jensen 2008-01-22 23:59:24 PST
Note:
I just released a JARred version of Download Statusbar 0.9.5.3

If you want to test this bug in FF2, you can use Download Statusbar 0.9.5.2
https://addons.mozilla.org/en-US/firefox/addons/versions/26

(Yes, I realize that this is only one of many 'flat' extensions but considering
it is the main example and the large user base, I thought it best to JAR it up
for now)

I prefer the flat file structure so I hope this can get fixed -"
Here's what I don't get....
by Robbo75 January 30, 2008 11:48 AM PST
Why do almost all computers (yes, I know there are some UberDorks out there who already do this) use C: as the name for the hard-drive? All I need to do is put c:\directory\filename.exe in a path and it will run on almost every computer. It's so rare that a user will ever do anything root level in DOS (UberDorks, we know you run all your apps in the base operating system. We're proud of you. Now go flame people on the Hobbit movie forum).

Anyway, why don't computers use randomized strings for the hard-drive name? Wouldn't it solve a lot (but obviously not all) of security issues?

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
