Is your Firefox browser vulnerable?

Hi malware fighters,

Put it to the test,
Title : Firefox file prompt delay bypass (MEDIUM)
Impact : non-consentual download or execution of files
Demo : http://lcamtuf.coredump.cx/ffclick2/

NoScript extension protects,

Explanation - It will download and open a HTML
page without your explicit consent, rendering it in the context of file:// URI scheme. Among
other security-related side effects, such a page will be able to access other files on your
local disk and transmit that data over the Internet. In this particular case, you will
be presented a directory index of C:\ (Windows only).
Technical notes: the demo will prompt you to hit RETURN repeatedly for reliability, but this is not a
prerequisite for exploitation - a single mouse click or keystroke is enough. Actions will be
carried at a fairly slow pace, but this is intentional, so that you get a chance to see what is
actually happening, and so that network hiccups have a lesser impact.

polonus

Is your Firefox browser vulnerable?
Only To You My Friend Damian ;D ;D ::)

From http://lcamtuf.coredump.cx/ffclick2/

Below is a quick demonstration for Firefox 2.0 on Windows. It will download and open a HTML page without your explicit consent, rendering it in the context of file:// URI scheme. Among other security-related side effects, such a page will be able to access other files on your local disk and transmit that data over the Internet. In this particular case, you will be presented a directory index of C:\ (Windows only).

The demo is for Firefox 2. It doesn’t seem to work on Firefox 3.