| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <140443.566981166737394161.JavaMail.juha-matti.laurio@netti.fi> Date: Thu, 21 Dec 2006 23:43:13 +0200 (EET) From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi> To: 3APA3A <3APA3A@...URITY.NNOV.RU>, quincy@...il.com Cc: bugtraq@...urityfocus.com Subject: Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip Additionally, the CVSS (Common Vulnerability Scoring System) Severity score of the issue is 2.3, i.e. "Low": http://nvd.nist.gov/cvss.cfm?name=CVE-2006-6077&vector=%28AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N%29 - Juha-Matti 3APA3A <3APA3A@...URITY.NNOV.RU> wrote: > Dear quincy@...il.com, > > It's > https://bugzilla.mozilla.org/show_bug.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&id=360493 > > and it was discussed. It can only steal password from the site if site > allows to upload form or has crossite scripting errors. > > --Wednesday, December 20, 2006, 1:02:54 PM, you wrote to bugtraq@...urityfocus.com: > > qgc> critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip > qgc> PoC here: http://www.info-svc.com/news/11-21-2006/rcsr1/ > > > -- > ~/ZARAZA > http://www.security.nnov.ru/
Powered by blists - more mailing lists