Mozilla FTP View Cross-Site Scripting Vulnerability
Results 1 to 2 of 2

Thread: Mozilla FTP View Cross-Site Scripting Vulnerability

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    742

    Mozilla FTP View Cross-Site Scripting Vulnerability

    Source: Advisory

    Mozilla allows running Malicious Scripts due to a bug in 'FTP view' feature.
    If you click on a malicious link, the script embedded in URL will run.

    * If the ftp server and the http server are the same address, it is dangerous.
    Because the cookie may be modified by the attacker.

  2. #2
    Senior Member
    Join Date
    May 2002
    Posts
    390
    just to add a little to this...

    source Advisory

    Workaround:

    Use the latest version of Mozilla 1.1 Beta or disable JavaScript.

    Vendor status:

    The Mozilla security bug group was notified on 22 June 2002.
    They have fixed the problem, and the fix will be included in Mozilla 1.0.1.
    (The fix has already been included in the latest version of Mozilla 1.1 Beta.)
    and the link:

    Mozilla 1.1 Beta
    just like water off a duck\'s back... I AM HERE.

    for CMOS help, check out my CMOS tut?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •