[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability

To: Stefan Esser <sesser@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
From: Michal Zalewski <lcamtuf@xxxxxxxxxxxx>
Date: Fri, 23 Feb 2007 22:59:35 +0100 (CET)

On Fri, 23 Feb 2007, Stefan Esser wrote:

> Proof of Concept:
>
>    The Hardened-PHP Project is not going to release a proof of concept
>    exploit for this vulnerability.

...because pretty much no exploit is needed. Scary. Good catch.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
  - From: pdp (architect)

References:
- [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
  - From: Stefan Esser

Prev by Date: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
Next by Date: [Full-disclosure] [ MDKSA-2007:049 ] - Updated spamassassin packages fix DoS vulnerability
Previous by thread: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
Next by thread: Re: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
Index(es):
- Date
- Thread