August 7th, 2002 11:58 AM
Mozilla FTP View Cross-Site Scripting Vulnerability
Mozilla allows running Malicious Scripts due to a bug in 'FTP view' feature.
If you click on a malicious link, the script embedded in URL will run.
* If the ftp server and the http server are the same address, it is dangerous.
Because the cookie may be modified by the attacker.
August 7th, 2002 04:15 PM
just to add a little to this...
and the link:
The Mozilla security bug group was notified on 22 June 2002.
They have fixed the problem, and the fix will be included in Mozilla 1.0.1.
(The fix has already been included in the latest version of Mozilla 1.1 Beta.)
Mozilla 1.1 Beta
just like water off a duck\'s back... I AM HERE.
for CMOS help, check out my CMOS tut