Message-ID: <3EE3695D.60701@cruzio.com>
From: dveditz at cruzio.com (Daniel Veditz)
Subject: Cross-Platform Browser vulnerabilities - Critical

meme-boi wrote:
> Synopsis:
> --------
>
>          Opera, Mozilla & Netscape with javascript enabled are vulnerable
>          to remote command execution. This has been tested on Microsoft,
>          and many many Unices. Macintosh may also be vuln.

The exploit example you give is not remote command execution but rather a
violation of the same origin policy. Unless there are additional details you
are withholding, this same flaw was reported on Bugtraq April 15

http://www.securityfocus.com/archive/1/318777

and fixed in Mozilla 1.3

http://bugzilla.mozilla.org/show_bug.cgi?id=201132

> There are many, many more issues than I have discussed. The minimal
> release is for giving the blackhats time to play.

If instead you'd like to give the whitehats time to fix them, details would
be gratefully received by "security" at "mozilla.org"

-Dan Veditz
Mozilla security group member

