Message-ID: <20060822163543.26619.qmail@securityfocus.com>
Date: 22 Aug 2006 16:35:43 -0000
From: dc@...pliciti.biz
To: bugtraq@...urityfocus.com
Subject: Simpliciti Locked Browser Jail Breakout Vulnerability

From vendor:

In order to access this vulnerability, the user has to intentionally visit a page which has intentionally created the malicious exit JavaScript.

The product has many security functions built in to prevent this occurring.
The product's setting screens allow the product to easily prevent this occurring, by setting the main URL to a URL that does not allow access to outside web sites; additional site restrictions can be entered to ensure that a user cannot access anything but the desired pages or sites.

The issue will be fixed in the next release of the product, but in the meantime is entirely preventable in any normal type of implementation of the product.
