| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <30308840.574861200606808916.JavaMail.servlet@perfora> Date: Thu, 17 Jan 2008 16:53:28 -0500 From: "Randal T. Rioux" <randy@...cyonlabs.com> To: <full-disclosure@...ts.grok.org.uk> Subject: Re: [FDSA] Notepad Highly CriticalCross-SiteScripting (XSS) Vulnerability > Fredrick Diggle Security Advisory > >Application: Notepad >Versions: 5.1.2600.2180 verified to be vulnerable >Platforms: Microsoft Windows (All Versions) >Bugs: Cross Site Scripting (XSS) >Severity: Critically High >Date: 17 Jan 2008 >Credit: Estr Hinan > >####################################################################### >That’s a really funny “security risk”. I don’t agree with you, because >otherwise every editor, which is able to save HTML Files, is a security >problem. So vi, Dreamweaver, emacs… are all unsecure? It is your decision, >to open a HTML file or not. And (if here are some MS guys) please don’t fix >this “issue”, because sometimes, if you haven’t a professional tool at the >moment, the Windows editor can be useful, too. Also, if you need to edit >some small Scripts. > >Yours, >SR > Speaking of professional tools... Let's hope this was just a language translation error and not a fully understood response. Lighten up, folks. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists