Full Disclosure mailing list archives
Re: Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
From: Stefan Esser <sesser () hardened-php net>
Date: Sat, 24 Feb 2007 09:21:51 +0100
Matthew Flaschen schrieb:
Stefan Esser wrote:Microsoft just sent a nonsense mail to us, claiming that we had disclosed this already to the public and that they like getting advance notice.I mean, that's fair enough. I mean, nobody's personality should get in the way of fixing security vulnerabilities. Err, I mean...
Well the point is they accused us somewhen in October 2006 to have already disclosed this attack against Internet Explorer 7 to the public. At that time IE7 was just released and we never said a word about IE7 at all. Actually the only thing we did was announce that there is a trick to do this with Firefox.In reality we waited 3.5 months before any detail was made public with yesterdays advisory. Stefan Esser _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability Stefan Esser (Feb 23)
- Re: Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability Michal Zalewski (Feb 23)
- Re: Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability pdp (architect) (Feb 24)
- Re: Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability Matthew Flaschen (Feb 23)
- Re: Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability Stefan Esser (Feb 24)
- Re: Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability Michal Zalewski (Feb 23)