[Full-Disclosure] Re: Firescrolling [Firefox 1.0]

2005-02-26 Thread mikx
Is fixed as part of mfsa 2005-27 http://www.mozilla.org/security/announce/mfsa2005-27.html mikx - Original Message - From: "Stan Bubrouski" <[EMAIL PROTECTED]> To: "Beauford, Jason" <[EMAIL PROTECTED]> Cc: "mikx" <[EMAIL PROTECTED]>; ;

[Full-Disclosure] Firescrolling [Firefox 1.0]

2005-02-25 Thread mikx
ing) Upgrade to Firefox 1.0.1 or disable javascript. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0527 to this issue. __Affected Software Tested with Firefox 1.0 on Windows and Linux (Fedora Core) __Contact Informations Michael Krax <[EMAI

[Full-Disclosure] Fireflashing [Firefox 1.0]

2005-02-07 Thread mikx
th Firefox 1.0 and Mozilla 1.7.5 __Contact Informations Michael Krax <[EMAIL PROTECTED]> http://www.mikx.de/?p=10 mikx ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

[Full-Disclosure] Firedragging [Firefox 1.0]

2005-02-07 Thread mikx
s issue. __Affected Software Tested with Firefox 1.0 and Mozilla 1.7.5 __Contact Informations Michael Krax <[EMAIL PROTECTED]> http://www.mikx.de/?p=8 mikx

[Full-Disclosure] Firetabbing [Firefox 1.0]

2005-02-07 Thread mikx
issue. __Affected Software Tested with Firefox 1.0 and Mozilla 1.7.5 __Contact Informations Michael Krax <[EMAIL PROTECTED]> http://www.mikx.de/?p=9 mikx

[Full-Disclosure] Firespoofing [Firefox 1.0]

2005-01-10 Thread mikx
request (disclosure warning - no reply) 2005-01-11 Public disclosure __Affected Software Tested with Firefox 1.0, Mozilla 1.7.5 and Netscape 7.1 on Windows XP SP2. __Contact Informations Michael Krax <[EMAIL PROTECTED]> http://www.mikx.de/?p=

[Full-Disclosure] Cross-Site Scripting - an industry-wide problem

2004-12-24 Thread mikx
king me addicted to XSS) Mark J Cox (Red Hat Security Response Team) Daniel Bachfeld (heisec) Jamie McCarthy and Chris Nandor (slashcode) Alexander Barkov (mnogosearch) Microsoft Security Response Center Google Security Team Bugzilla Team Everybody who responded to my report mail :) Contact ==

[Full-Disclosure] amazon security contact

2004-12-01 Thread mikx
Hello, does anybody know an email alias at amazon.com to report a vulnerability? I tried to report multiple XSS issues to their customer support during the last few days, but got no feedback at all. mikx

Re: [Full-Disclosure] Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!]

2004-09-07 Thread mikx
s to a local directory. Since WinXP SP2 it's not possible to use "shell:startup" as src for an iframe, but it's possible to circumvent this restriction by using the AnchorClick behavior. mikx

[Full-Disclosure] Alpha Phising [IE 6 WinXP SP2]

2004-08-25 Thread mikx
"break out" of framesets or warns when embedded in a frame. You could also try to detect that man-in-the-middle stuff by checking if the referrer of a form post comes from your server. This wouldn't stop the phishing but at least it would break the "transparency" of the attack

[Full-Disclosure] What A Drag! -revisited-

2004-08-21 Thread mikx
0 minutes to create this, so script kids around the world with enough free time will create even better protected mechanisms to exploit this bug in the near future. Take it seriously! mikx