Search the archives!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
- From: sesser at hardened-php.net (Stefan Esser)
- Subject: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
- Date: Sat, 24 Feb 2007 09:21:51 +0100
Matthew Flaschen schrieb: > Stefan Esser wrote: > >> Microsoft just sent a nonsense mail to us, claiming that we had >> disclosed this already to the public and that they like getting >> advance notice. >> > > I mean, that's fair enough. I mean, nobody's personality should get in > the way of fixing security vulnerabilities. Err, I mean... > Well the point is they accused us somewhen in October 2006 to have already disclosed this attack against Internet Explorer 7 to the public. At that time IE7 was just released and we never said a word about IE7 at all. Actually the only thing we did was announce that there is a trick to do this with Firefox.In reality we waited 3.5 months before any detail was made public with yesterdays advisory. Stefan Esser
- References:
- Prev by Date: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
- Next by Date: [Full-disclosure] New release: "OWASP TESTING GUIDE 2007"
- Previous by thread: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
- Next by thread: [Full-disclosure] [ MDKSA-2007:049 ] - Updated spamassassin packages fix DoS vulnerability
- Index(es):