E4X and a Firefox XML injection bug
Scary Beasts Security
NOVEMBER 18, 2008
Up-front credit to my colleagues Filipe Almeida and Michal Zalewski, who led the way in E4X security research. If you haven't heard of E4X, or don't know why Firefox's E4X support should scare you, please consider reading this article. I've just released details for a recently fixed Firefox XML injection bug. It's one of those bugs that is in search of a good exploitation opportunity.