| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Aug 2005 01:00:50 +0200 From: Alessandro Amici <alexamici@...twebnet.it> To: bugtraq@...urityfocus.com Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Mozilla Firefox up to 1.0.6 and Mozilla Thunderbird up to 1.0 url string obfuscation Marc, On Tuesday 09 August 2005 15:22, Marc Ruef wrote: > After I have entered the _very_ long URL (approx. 5.474 chars) in the > address bar of the browser the whole line went blank. I was not able to see > my input - It looked like deleted, empty. on Debian sid I see a slightly different problem. Platform: Debian GNU/Linux unstable as of 2005-08-10 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050730 Firefox/1.0.6 (Debian package 1.0.6-2) Inserting manually a long URL in the address bar (or in the search shortcut, for the matter) resulted in damaged text. It looks like the long line wraps and the bar contains the superposition of pieces of the URL with a shift of a few pixels. The damaged text is perfectly visible and pretty allarming, too. Cheers, Alessandro -- B-Open Solutions srl - http://www.bopen.it/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists