William A. Rowe, Jr.
Wed, 14 May 2008 10:15:33 -0700
Nick Gearls wrote:
> Cross-site scripting (XSS) vulnerability when displaying the 403 Forbidden error page
>
> I can't find any info about this issue on the site. I guess this could also touch some other error numbers (404, ...). Any patch to fix this?
>
> Btw, is there a way to be notified about security issues? Couldn't we add an RSS feed to the security page?
As this is an IE vulnerability, it was not noted. Once fixed, your browser users continue to be exploitable as long as UTF-7 is a recognized encoding. Only the particular application changes.