| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4C8FAAB8.20900@flock.com>
Date: Tue, 14 Sep 2010 10:02:48 -0700
From: Lyndon Nerenberg <lyndon@...ck.com>
To: bugtraq@...urityfocus.com
Subject: [FLOCK-SA-2010-02] Flock Browser: A malicious RSS feed can bypass
cross origin protection (XSS)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
FLOCK-SA-2010-02
http://flock.com/security/
Title: A malicious RSS feed can bypass cross origin
protection (XSS)
Impact: High
Announced on: 2010-09-09
Affected Products: Flock 3 versions prior to 3.0.0.4114
CVEs (cve.mitre.org): CVE-2010-3262
Details:
A malicious RSS feed containg HTML when viewed can bypass cross-origin
protection, which has unspecified impact and remote attack vectors.
Credit to Lostmon Lords.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJMj6q3AAoJEPzFtDWO6ceqkPAP/j9BUp9li9rkawCZORqbEqml
Gl5gH3TRwhCk8QeDWV6swj+0xiAcep0Pn5sDHaIdQMe9sbVNCBaOy/Iq09hRdTAe
Ps4Kpcepmbmxce3zvxbii6DZLFSnoG51/HbmY5X95PkntJU+nsWs+Bu3hgv16/9k
NE0yglFCUl5ssmPVz7U0RpnVVimthSWhF/6hj4sDgYvAvs0fbOSFFH+BUDZIb1H2
X/Vf9/qs/gmqt+BvciDabCxaUi2IdjJdpeW1hUYxiPKnViC4iT+5m4VYcFR+3TYA
PqgYw4KGjPlRXOJnQM8gnAyEiAcRhYfpgowToqUB6fdwk3zAS2c04sm8QALL0j/x
n9T48b6fIlDii8JJ2OkjvXooHAHQ7yZ66TWvS1UvzFnsudrQMhPTGkryhCplqsy5
8fM2wXFBQMpC8xgPjBlqF1I5qtsy4U1RMbvIReegONT9Nd/b0gunzb8IR5lRRC/U
kkJljskcggOAaUH44o3OcmNX8y42DlRzJHVH/G11p6c3izs1wObBKkPZ9y1TThT/
msONMu8//+qFXpR2LVF+GVfWVDI4b3qyQjVvvkeSqxuWL9UipIEYy468QC2YSK/o
wSofb2/r5L9uUkq/J6pVR1wcJfZp7sH08HEwNdaSsvcRea3myO3khxDRQkwmtdeE
lP4hH+lWEHgBMBZr0mXn
=qld4
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists