Maxthon browser vulnerability

Security firm Secunia is carrying details of a serious flaw in
the Maxthon Browser. According to Secunia, "the vulnerability is
caused due to a design error where the security ID of a plug-in
is not properly protected from being included and accessed on an
external website via the script tag. This can e.g. be exploited
to read and write arbitrary files via the "readFile()" and
"writeFile()" API functions via directory traversal attacks.
The vulnerability has been reported in version 1.2.0 and 1.2.1.
Prior versions may also be affected." All users should update to
the version 1.2.2.
http://secunia.com/advisories/14918/
http://www.maxthon.com/download.htm
= Paid content

All Windows Secrets articles posted on 2005-04-20: