lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20101215095951.17930131@angelo.pretender.us>
Date: Wed, 15 Dec 2010 09:59:51 -0800
From: Reed Loden <reed@...dloden.com>
To: dave b <db.pub.mail@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: i hate it when some one beats me to a bug

On Thu, 16 Dec 2010 02:26:57 +1100
dave b <db.pub.mail@...il.com> wrote:

> I hate it when some one beats me to a bug report.
> https://addons.mozilla.org/en-US/firefox/user/5578717/ (this  example
> will only work against firefox).
> The xss occurs due to no filtering / escaping the display name attribute for a
> user.

Sorry, Dave, that somebody "beat you to it", but we definitely
appreciate you taking the time to report the problem to us. Having
community support in finding vulnerabilities such as the one you
discovered is great to making sure users stay safe on the Web. We've
just pushed out a fix for it, so the issue should now be resolved.

Thanks for taking part in Mozilla's new Web Application Security Bug
Bounty Program[0] (such a mouthful to say or type). Let us know if you
discover any more issues, and hopefully, you'll be the first one that
time. :)

Have a wonderful rest of the week!

~reed
Mozilla Security Group

[0]
http://blog.mozilla.com/security/2010/12/14/adding-web-applications-to-the-security-bug-bounty-program/

-- 
Reed Loden
reed@...dloden.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ