On 2/12/07, Ruud H.G. van Tol <[EMAIL PROTECTED]> wrote: > Michal Zalewski wrote: > > 2) The Firefox attack vector is related to the Charles' CVE-2006-2894, > > which in turn was a rediscovery of a problem known to Mozilla since > > 2000 (!); attempts to fix it in official releases failed because the > > problem was repeatedly marked as a duplicate of a too narrowly > > defined issue with control hiding. A broader redesign probably > > eliminated the issue in development branches, but it still affects > > Firefox 1.5 and 2.0. > > > > This can be considered an independent rediscovery and a more > > practical demonstration of a previously reported vulnerability. > > The exploit is here: http://lcamtuf.coredump.cx/focusbug/index.html > > Without JavaScript on, this doesn't work. See http://noscript.net/
Without a browser too, this doesn't work. See http://netcat.sourceforge.net/ -- Guasconi Vincent French Student. http://altmylife.blogspot.com [Fr] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
