Firefox Popup Blocker Allows Reading Arbitrary Local Files

Via Securiteam.com -

There is an interesting vulnerability in the default behavior of Firefox built-in popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information.

Credit: The information has been provided by Michal Zalewski.