Dear Stefan, > If you can exploit that with Firefox, Firefox should be fixed. Can you > give more details? I would be very interested.
Will do, offline (because it affects the main web login site of my Uni). Essentially, I found that Firefox will inherit the charset of the parent page, when that had been selected manually (does not inherit the charset specified in headers or meta). I guess this is a "new" bug in Firefox, maybe they should be told... > Any broswer that interprets ascii as utf7 without being told to do so > is severely buggy. And CVE-2006-5152 is about MSIE, not about Apache. > Your retraction was about Apache. So IE "encoding autoselect" is severely buggy: I almost agree. Whatever people think CVE-2006-5152 is about, I meant my posts to be about Apache. (No use trying to get MS to fix IE.) > If it affects only one buggy browser, it's low impact. ... If that buggy browser is IE, used by 90% of the (deluded) population, then is it not low impact. Cheers, Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
