Monthly Archives: November 2007

Firefox 2.0.0.10 released

Posted on November 27, 2007 by Fernando

Mozilla Corporation just released Firefox 2.0.0.10 which includes fixes against JAR uri attacks. This issue affected browsers that used Gecko engine, a quick check showed me that only K-meleon browser was also updated, however there are several Gecko based web … Continue reading →

Posted in English, Security, XSS | Tagged firefox, gecko, jar, mozilla, Security, XSS | Leave a comment

Google Gadgets XSS (IE6/Opera)

Posted on November 25, 2007 by Fernando

There is a recent discussion on ha.ckers.org regarding a possible CSRF that could allow an attacker to inject an evil gadget on someobdy else’s iGoogle page. After checking the format of the xml file used to define the gadgets properties, … Continue reading →

Posted in English, Security, XSS | Tagged google, ie, Security, xml, XSS | 2 Comments

Firefox jar: Protocol Vulnerability

Posted on November 10, 2007 by Fernando

I just came across pdp’s finding jar protocol vulnerability on Mozilla Firefox, I think its a big issue, and the fact that it has been on bugzilla (#369814) for way more than ten fuck*ng days is not a good thing. … Continue reading →

Posted in English, Security, XSS | Tagged firefox, gecko, google, jar, mozilla, Security, XSS | 21 Comments

Monthly Archives: November 2007

Firefox 2.0.0.10 released

Google Gadgets XSS (IE6/Opera)

Firefox jar: Protocol Vulnerability

Archives

Meta