Mozilla Firefox "locations.hostname" DOM Property Handling Vulnerability

Discussion in 'other security issues & news' started by tlu, Feb 22, 2007.

Thread Status:
Not open for further replies.
  1. tlu

    tlu Guest

    Firefox bookmark cross-domain travel vulnerability

    The well-known security expert Michal Zalewski found a new Firefox vulnerability described on http://lcamtuf.coredump.cx/ffbook/#

    The problem is already discussed on Bugzilla

    The extension Noscript, which has often been recommended here in the forum, is a good protection against this new vulnerability.
     
  2. tlu

    tlu Guest

    Ron, you merged my posting into this thread. That's okay - I just want to make sure that this is another vulnerability. It's probably advisable to forbid bookmarklets in Noscript as a countermeasure.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    My error Thomas. It is a separate issue. Post restored.
     
Loading...
Thread Status:
Not open for further replies.