Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FYI: Google XSS



         NoScript (> 1.1.7.8.)


http://isc.sans.org/diary.html?n&storyid=3636
 Google XSS
Published: 2007-11-11,
Last Updated: 2007-11-11 23:46:11 UTC
by Marcus Sachs (Version: 1)

Juha-Matti reminded us of a new Google cross-site scripting issue related to a 
recent JAR: protocol vulnerability in Firefox that was reported by Petko D 
Petkov on Saturday:

http://www.gnucitizen.org/blog/severe-xss-in-google-and-others-due-to-the-jar-protocol-issues

References:

http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues

http://www.securityfocus.com/bid/26385

http://secunia.com/advisories/27605/

http://www.kb.cert.org/vuls/id/715737




 




Copyright © Lexa Software, 1996-2009.