-
August 7th, 2002, 11:58 AM
#1
Mozilla FTP View Cross-Site Scripting Vulnerability
Source: Advisory
Mozilla allows running Malicious Scripts due to a bug in 'FTP view' feature.
If you click on a malicious link, the script embedded in URL will run.
* If the ftp server and the http server are the same address, it is dangerous.
Because the cookie may be modified by the attacker.
-
August 7th, 2002, 04:15 PM
#2
just to add a little to this...
source Advisory
Workaround:
Use the latest version of Mozilla 1.1 Beta or disable JavaScript.
Vendor status:
The Mozilla security bug group was notified on 22 June 2002.
They have fixed the problem, and the fix will be included in Mozilla 1.0.1.
(The fix has already been included in the latest version of Mozilla 1.1 Beta.)
and the link:
Mozilla 1.1 Beta
just like water off a duck\'s back... I AM HERE.
for CMOS help, check out my CMOS tut?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|