Full Disclosure mailing list archives

Re: Google / GMail bug, all accounts vulnerable

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 12 Dec 2007 16:46:36 +1300

Kristian Erik Hermansen wrote:

... even if handled quite differently between browser types/versions.


Bingo to coderman, the only security dude here who gets it.  You would
be surprised the number of ridiculous personal emails I got regarding
this issue.  Crowd SuRFing is here to stay...


So does the simple expedient of setting browser.chrome.favicons to 
false "fix" this for FF users?

Does it work in IE7's tabbed browsing?


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Google / GMail bug, all accounts vulnerable, (continued)
- - - Re: Google / GMail bug, all accounts vulnerable Aaron Katz (Dec 07)
  - Re: Google / GMail bug, all accounts vulnerable M . B . Jr . (Dec 07)
  - Re: Google / GMail bug, all accounts vulnerable Kristian Erik Hermansen (Dec 07)
    - Re: Google / GMail bug, all accounts vulnerable alessandro salvatori (Dec 07)
    - Re: Google / GMail bug, all accounts vulnerable Joseph Hick (Dec 07)
    - Re: Google / GMail bug, all accounts vulnerable Kristian Erik Hermansen (Dec 07)
    - Re: Google / GMail bug, all accounts vulnerable Aaron Katz (Dec 11)
    - Re: Google / GMail bug, all accounts vulnerable Kristian Erik Hermansen (Dec 11)
    - Re: Google / GMail bug, all accounts vulnerable coderman (Dec 11)
    - Re: Google / GMail bug, all accounts vulnerable Kristian Erik Hermansen (Dec 11)
    - Re: Google / GMail bug, all accounts vulnerable Nick FitzGerald (Dec 11)
    - Re: Google / GMail bug, all accounts vulnerable coderman (Dec 12)
    - Re: Google / GMail bug, all accounts vulnerable jipe foo (Dec 12)
    - Re: Google / GMail bug, all accounts vulnerable coderman (Dec 12)
    - Re: Google / GMail bug, all accounts vulnerable ad () heapoverflow com (Dec 12)
    - Re: Google / GMail bug, all accounts vulnerable Kristian Erik Hermansen (Dec 12)
    - Re: Google / GMail bug, all accounts vulnerable Steven Adair (Dec 12)
    - Re: Google / GMail bug, all accounts vulnerable coderman (Dec 12)
    - Re: Google / GMail bug, all accounts vulnerable Peter Besenbruch (Dec 12)
    - Re: Google / GMail bug, all accounts vulnerable Steven Adair (Dec 12)
    - Re: Google / GMail bug, all accounts vulnerable Peter Besenbruch (Dec 12)

(Thread continues...)