Re: [Full-Disclosure] Cross-Platform Browser vulnerabilities - Critical
From: Daniel Veditz (dveditz_at_cruzio.com)
To: firstname.lastname@example.org Date: Sun, 08 Jun 2003 09:50:37 -0700
> to remote command execution. This has been tested on Microsoft,
> and many many Unices. Macintosh may also be vuln.
The exploit example you give is not remote command execution but rather a
violation of the same origin policy. Unless there are additional details you
are withholding this same flaw was reported on Bugtraq April 15
and fixed in Mozilla 1.3
> There are many, many more issues than I have discussed. The minimal
> release is for giving the blackhats time to play.
If instead you'd like to give the whitehats time to fix them details would
be gratefully received by "security" at "mozilla.org"
Mozilla security group member
Full-Disclosure - We believe in it.