Allen Farley <[EMAIL PROTECTED]> wrote in news:d14voe$hug8 @ripley.netscape.com:
Just got these for Mozilla, Firefox and Thunderbird today. All are listed as '"Save Link Target As..." Status Bar Spoofing Weakness' and all have the same solution: 'SOLUTION: Never save files via untrusted sources.'
http://secunia.com/advisories/14565/ - Firefox 0.x & 1.x http://secunia.com/advisories/14567/ - Thunderbird 1.0 http://secunia.com/advisories/14568/ - Mozilla 1.7.x
I beleive this was fixed in FF 1.01
From the article:
>The weakness has been confirmed in version 1.0.1. Other versions may also be affected.
I also tested the sample code with FF 1.0.1, and they are right.
Allen _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security