if the exception raises in some extension in the user profile and the page can
catch path to the user profile and so a remote attacker will know the user login
PoC: https://bugzilla.mozilla.org/attachment.cgi?id=164547
"With register_globals turned off none of these attacks are possible."
So is there going to be a update to fix the insecure code or is your
fix going to remain as so:
(register globals must be off to run dotproject)
/str0ke
On 2/15/06, Adam Donnison <[EMAIL PROTECTED]> wrote:
> I responded to t