Hi malware fighters,
Well I reported here about a serious hole in the firebug extension for Firefox. Well yours truly came up with some line of code, see the comments near the bottom of this page:
http://www.gnucitizen.org/blog/firebug-goes-evil This code makes that runfile(f) (doing all the harm here) would be capped through ipdfilter/reset.
Hopefully the developer of firebug has also been there, so he can bring this simple protection inside his extension. Funny thing is, while the FF or Flock browser code is becoming more and more secure, the extensions have now come under fire from malcreants, also full disclosure publishers, like Georgi Guninski, the renowed Bulgarian come up with these now.
polonus
