[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3EE3695D.60701@cruzio.com>
From: dveditz at cruzio.com (Daniel Veditz)
Subject: Cross-Platform Browser vulnerabilities - Critical
meme-boi wrote:
> Synopsis:
> --------
>
> Opera, Mozilla & Netscape with javascript enabled are vulnerable
> to remote command execution. This has been tested on Microsoft,
> and many many Unices. Macintosh may also be vuln.
The exploit example you give is not remote command execution but rather a
violation of the same origin policy. Unless there are additional details you
are withholding this same flaw was reported on Bugtraq April 15
http://www.securityfocus.com/archive/1/318777
and fixed in Mozilla 1.3
http://bugzilla.mozilla.org/show_bug.cgi?id=201132
> There are many, many more issues than I have discussed. The minimal
> release is for giving the blackhats time to play.
If instead you'd like to give the whitehats time to fix them details would
be gratefully received by "security" at "mozilla.org"
-Dan Veditz
Mozilla security group member
Powered by blists - more mailing lists