lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [month] [year] [list] 
Date: Tue, 4 Dec 2007 22:16:03 +1100
From: Paul Szabo <psz@...hs.usyd.edu.au>
To: full-disclosure@...ts.grok.org.uk
Subject: Firefox UTF-7 Universal XSS

Building on my previous message

  Firefox explicit charset inheritance
  http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058752.html

now offer a demo of (user-assisted) universal cross-site-scripting in
Firefox. With slight "social engineering", can XSS practically any http
or https sites:

  http://www.maths.usyd.edu.au/u/psz/ff-utf7-uxss.html

For technical details, please see

  https://bugzilla.mozilla.org/show_bug.cgi?id=356280

Cheers,

Paul Szabo   psz@...hs.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux