UBUNTU-CVE-2001-1593

Jakub Wilk found that a2ps, a tool to convert text and other types of files to PostScript, insecurely used a temporary file in spyuser. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running a2ps...

[Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

There is an interesting vulnerability in the default behavior of Firefox builtin popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information. This was tested on...