[G3]-Technews
[G3]-TechNews : Home| RSS | Atom | MSN | WAP

 Stickies:
Article: Step-by-Step Guide: How to set up a VPN
Article: Download: Microsoft Monad (Beta)
Article: Building a 64-Bit Multimedia Workstation
Article: Coming Soon to Windows: The Microsoft Shell (MSH)
Article: How to Reset Win NT / 2000 / XP Administrator Password
Article: The Technology Behind Dual Core CPUs
Article: How-To: Wireless Network Security
Article: Article: PCI Express - technology backgrounder
Article: Tutorial: Access Hidden Files on Your iPod
Article: Troubleshooting drivers with XP's hidden Driver Verifier Manager
Article: How to Make a 5 in 1 Network Cable
Article: Comparison - Blu-ray & HD DVD
Article: Beginners Guides Linux : Part 1 | Part 2 | Part 3
Article: How To Crack WEP (Wired Equivalent Privacy)
Article: Email Addresses Spoofing.
Link: Free PHP ebook
Link: FREE ASP.NET books and eLearning course
Link: Free registration code for Opera 8.
Invitations: Gazzag (Here) | Yahoo! 360 (Here)  | Orkut (Here)

Firefox Address Bar Image Dragging Remote Script Execution Vulnerability
Contributed by: G3nu1n3, at 2/28/2005 12:13:00 AM.

Even hits Firefox 1.0.1

A remote script execution vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to properly validate the origin of scripts prior to execution when loaded into a browser window by dragging JavaScript image URIs into the address bar.

An attacker may leverage this issue to execute arbitrary script code in the context of a target Web site in the browser of an unsuspecting user. This may facilitate cookie-based authentication credential theft as well as other attacks.

This vulnerability affects both Mozilla Firefox 1.0 and the newly updated Mozilla Firefox 1.0.1.

Currently there is no workaround for this problem

Details: Here


Important:
To Read MOST UPDATED News Items browse to HOME page.

0 Comments:

Post a Comment

<< Home



[G3]-TechNews : Home| RSS | Atom | MSN | WAP


Archives :

- Monthly Archives :


- Post Count: 1,783 before June 1, 2005. (Since: October 26, 2004)