Updated packages are available which fix a security issue in Mozilla.
One component of the XML Extras package in Mozilla 0.9.9 and earlier allows remote attackers to read arbitrary files and list directories on a client system. This exploit is performed by opening a URL that redirects the browser to the file on the client and reading the results using the responseText property. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0354 to this issue. Users of Mozilla are advised to upgrade to these errata packages which have been patched and are not vulnerable to this issue.