[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit

Subject: Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
From: Jesse Ruderman <jruderma@xxxxxxxxxx>
Date: Sat, 30 Oct 2004 23:18:20 -0700

n3td3v wrote:

Should the general public be expecting a disclosure of the
vulnerability to security mailing lists once a solution has been
implemented to patch the hole, so other web-based services are aware
of the possibility of the same problem being an issue for them, or
should gmail be keeping everything secret after they patch.

I'd be surprised if the vulnerability wasn't something already mentioned on http://www.squarefree.com/securitytips/web-developers.html#XSS .

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
  - From: Shoshannah Forbes
- Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
  - From: Calum Power
- Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
  - From: morning_wood
- Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
  - From: Calum Power
- Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
  - From: morning_wood
- Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
  - From: n3td3v

Prev by Date: Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
Next by Date: Re: [SPAM] Re: [Full-Disclosure] Re: I will be awaiting your immediate response.
Previous by thread: Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
Next by thread: [Full-Disclosure] [OpenPKG-SA-2004.045] OpenPKG Security Advisory (mysql)
Index(es):
- Date
- Thread