Fix for Mozilla XMLHttpRequest file disclosure vulnerability

[Frank Hecker <hecker () mozilla org>]

For those not already aware of this, note that a fix for the 
XMLHttpRequest file disclosure vulnerability (Bugtraq id 4628) reported 
by GreyMagic Software has been checked into the Mozilla source tree. The 
fix is included in new Mozilla 1.0 branch nightly builds dated 2 May 
2002 or later available through mozilla.org:

http://ftp.mozilla.org/pub/mozilla/nightly/latest-1.0.0/

and will be included in the upcoming Mozilla 1.0 release and any further 
1.0 Release Candidates distributed through mozilla.org. For more 
information on the fix please see bug report 141061 in the Mozilla 
project's public bug database:

http://bugzilla.mozilla.org/show_bug.cgi?id=141061

On behalf of the Mozilla community we at mozilla.org thank all the 
people who participated in discovering, reporting, investigating, and 
fixing this bug.

As a reminder, reports of Mozilla-related security vulnerabilities can 
be reported via email to security () mozilla org, and will be handled in 
accordance with the mozilla.org on handling security bugs:

http://www.mozilla.org/projects/security/security-bugs-policy.html

Frank

--
Frank Hecker
hecker () mozilla org