lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 25 Nov 2010 23:39:33 -0000 From: g.maone@...ormaction.com To: bugtraq@...urityfocus.com Subject: Re: NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) NoScript 2.0.7 is released today (25th November 2010). It correctly detects and blocks this variant (raw hexadecimal), but also the other 3 (quoted hexadecimal, raw binary and quoted binary) which have not been covered by this disclosure.