holy shit, someone actually email'ed me off list asking for details of
this explioit !!!
bwahahaha... heheh.. *snif*
god, my side hurts.
please, before giving further conniptions, refer yourself kindly to rfc
particularly ...://user:password@host:port/ for uri's...
On Feb 6, 2008 2:28 AM,
On Feb 6, 2008 3:05 AM, worried security [EMAIL PROTECTED] wrote:
On Feb 6, 2008 3:01 AM, coderman [EMAIL PROTECTED] wrote:
holy shit, someone actually email'ed me off list asking for details of
this explioit !!!
...
You FOOL!!
Youre playing with fire. Fire that cannot be put out
with
I get a warning on 2.0.0.11 Linux Ubuntu
You are about to log into the site google with the username
[EMAIL PROTECTED], but the website does not require
authentication. this may be an attempt to trick you
Is google the site you want to visit.?
is this a 2.0.0.12 issue?
Steve
carl hardwick
I only see that FF is current to version 2.0.0.11. Are you sure that
you are finding this in 2.0.0.12? If so, where are you getting this
version from?
On Feb 4, 2008 12:10 PM, carl hardwick [EMAIL PROTECTED] wrote:
Firefox seems to have trouble with defining the proper hostname when
The most recent Firefox 2.0.0.12 version is RC4 still:
http://www.mozilla.com/en-US/firefox/2.0.0.12/releasenotes/
You can't download Firefox 2.0.12 Final yet.
Juha-Matti
carl hardwick [EMAIL PROTECTED] wrote:
Firefox seems to have trouble with defining the proper hostname when
requesting a
Firefox seems to have trouble with defining the proper hostname when
requesting a ssl connection. I was able to trick Firefox in thinking
the hostname behind the at-sign is legit and the same as the URI that
requested an ssl connection, and this without a warning.
PoC: https://[EMAIL PROTECTED]
I am not sure the intended point of the exploit since you have @roguehost
and not a proper POC, but I believe all you have triggered is normal
behavior for auto logging into .htaccess protected folders in the form
username:[EMAIL PROTECTED]
http://forum.sambarserver.info/viewtopic.php?p=288
] On Behalf Of steve
menard
Sent: Monday, February 04, 2008 3:36 PM
To: full-disclosure@lists.grok.org.uk
Cc: carl hardwick
Subject: Re: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain
Guessing vulnerabilities
I get a warning on 2.0.0.11 Linux Ubuntu
You are about to log into the site google
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Juha-Matti Laurio wrote:
| The most recent Firefox 2.0.0.12 version is RC4 still:
| http://www.mozilla.com/en-US/firefox/2.0.0.12/releasenotes/
|
| You can't download Firefox 2.0.12 Final yet.
So if that's the case, did the author of this thread
/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
steve
menard
Sent: Monday, February 04, 2008 3:36 PM
To: full-disclosure@lists.grok.org.uk
Cc: carl hardwick
Subject: Re: [Full-disclosure] Firefox 2.0.0.12 SSL
This is obviously a bug in the newest beta release and should be
reported there.Why the OP chose not to do this is a matter for speculation.
Regards,
Scott
steve menard wrote:
I get a warning on 2.0.0.11 Linux Ubuntu
You are about to log into the site google with the username
[EMAIL
11 matches
Mail list logo
