| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <179441632.20070215160126@SECURITY.NNOV.RU> Date: Thu, 15 Feb 2007 16:01:26 +0300 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: Michal Zalewski <lcamtuf@...ne.ids.pl> Cc: security@...illa.org, bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Re: Firefox: serious cookie stealing / same-domain bypass vulnerability Dear Michal Zalewski, Mitigating factor: it doesn't work through proxy, because for proxy URI is sent instead of URL and request will be incomplete. GET http://evil.com --Thursday, February 15, 2007, 1:23:01 AM, you wrote to security@...illa.org: MZ> 'evil.com\x00foo.example.com' to be a part of *.example.com domain. -- ~/ZARAZA http://securityvulns.com/ Не обращайте внимания на сарказм и явную чепуху, а поразмыслите просто над фактами. (Твен) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists