[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Safari/WebCore Content Sniffing

Subject: Re: [Full-Disclosure] Safari/WebCore Content Sniffing
From: Jesse Ruderman <jruderman@xxxxxxx>
Date: Mon, 23 Aug 2004 10:38:30 -0500

Mozilla does content sniffing on text/plain if the content includes control characters ("invalid text/plain content"). Is this incorrect? Is it a security hole -- for example, does it introduce XSS holes or allow executable files to be run without a proper warning?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Safari/WebCore Content Sniffing
  - From: fukami
- Re: [Full-Disclosure] Safari/WebCore Content Sniffing
  - From: Nicob

Prev by Date: Re: [Full-Disclosure] Windows Update
Next by Date: Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)
Previous by thread: Re: [Full-Disclosure] Safari/WebCore Content Sniffing
Next by thread: RE: [Full-Disclosure] Windows Update
Index(es):
- Date
- Thread