[Full-disclosure] New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities

[Michal Zalewski]

On Sat, 30 Jun 2007, carl hardwick wrote:

> The vulnerability allows the attacker to silently redirect focus of
> selected key press events to an otherwise protected file upload form
> field. This is possible because of how onKeyDown event is handled,
> allowing the focus to be moved between the two. This enables the
> attacker to read arbitrary files on victim's system.

Hey, that's a copy&paste from my post! ;-)

/mz