Hello Moritz, On Tue, 2005-10-25 at 10:54 +0200, Moritz Muehlenhoff wrote: > There's been a report about an exploit for an Internet Explorer > flaw that may lead to disclosure of cookie information. This seems > to be different than #317739. Please see > http://cert.uni-stuttgart.de/archive/bugtraq/2005/10/msg00275.html > for more information.
After reading that text, I come to the conclusion that this is an issue in IE, not in phpBB. The bug is that IE will interpret files of type text/jpeg as HTML if they are in fact HTML. Hence, this is not a bug in phpBB, but something that affects anything where users can upload images, e.g.: all bulletin boards, many wikis, photo gallery software, webmail clients etc etc. There's no clear path to a fix these things there, while Microsoft is appearently working on patching the problem on their side. Therefore, I'm concluding that this is not a phpbb bug. Do you agree? Thijs
signature.asc
Description: This is a digitally signed message part
