Full Disclosure mailing list archives

Re: Cross-Platform Browser vulnerabilities - Critical


From: Daniel Veditz <dveditz () cruzio com>
Date: Sun, 08 Jun 2003 09:50:37 -0700

meme-boi wrote:
> Synopsis:
> --------
>
> Opera, Mozilla & Netscape with javascript enabled are vulnerable
> to remote command execution. This has been tested on Microsoft,
> and many many Unices. Macintosh may also be vuln.

The exploit example you give is not remote command execution but rather a
violation of the same origin policy. Unless there are additional details you
are withholding, this same flaw was reported on Bugtraq April 15

http://www.securityfocus.com/archive/1/318777

and fixed in Mozilla 1.3

http://bugzilla.mozilla.org/show_bug.cgi?id=201132

> There are many, many more issues than I have discussed. The minimal
> release is for giving the blackhats time to play.

If instead you'd like to give the whitehats time to fix them, details would
be gratefully received by "security" at "mozilla.org"

-Dan Veditz
Mozilla security group member
