--
From: Mike Hommey m...@glandium.org
Sent: Monday, November 16, 2009 1:00 PM
To: Michael Gilbert michael.s.gilb...@gmail.com;
556...@bugs.debian.org
Subject: Re: Bug#556272: epiphany-browser: CVE-2007-1084 bookmarklets
cross-site info disclosure
On Mon, Nov 16, 2009 at 11:48
Le samedi 14 novembre 2009 à 20:36 -0500, Michael Gilbert a écrit :
The following CVE (Common Vulnerabilities Exposures) id was
published.
CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
| saving bookmarklets, which allows remote attackers to bypass
On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote:
Le samedi 14 novembre 2009 à 20:36 -0500, Michael Gilbert a écrit :
The following CVE (Common Vulnerabilities Exposures) id was
published.
CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users
Le lundi 16 novembre 2009 à 09:37 +0100, Mike Hommey a écrit :
On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote:
What’s a bookmarklet? I don’t even know whether epiphany supports this.
It's javascript code you bookmark and can run on any site. A bit like
greasemonkey, but
On Mon, 16 Nov 2009 09:53:36 +0100, Josselin Mouette wrote:
Le lundi 16 novembre 2009 à 09:37 +0100, Mike Hommey a écrit :
On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote:
What’s a bookmarklet? I don’t even know whether epiphany supports this.
It's javascript code you
On Mon, Nov 16, 2009 at 11:25:04AM -0500, Michael Gilbert wrote:
On Mon, 16 Nov 2009 09:53:36 +0100, Josselin Mouette wrote:
Le lundi 16 novembre 2009 à 09:37 +0100, Mike Hommey a écrit :
On Mon, Nov 16, 2009 at 09:17:58AM +0100, Josselin Mouette wrote:
What’s a bookmarklet? I don’t
On Mon, 16 Nov 2009 17:34:39 +0100, Mike Hommey wrote:
On Mon, Nov 16, 2009 at 11:25:04AM -0500, Michael Gilbert wrote:
On Mon, 16 Nov 2009 09:53:36 +0100, Josselin Mouette wrote:
Le lundi 16 novembre 2009 à 09:37 +0100, Mike Hommey a écrit :
On Mon, Nov 16, 2009 at 09:17:58AM +0100,
On Mon, Nov 16, 2009 at 11:48:29AM -0500, Michael Gilbert wrote:
so, you're saying that this is a good feature and hence must be kept
based on the fact that it is currently available in a lot of browsers
(i.e. all gecko-based browsers and no webkit/khtml browsers)?
It works in (at least)
Package: epiphany-browser
Version: 2.29.1-2
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities Exposures) id was
published.
CVE-2007-1084[0]:
| Mozilla Firefox 2.0.0.1 and earlier does not prompt users before
| saving bookmarklets, which allows remote attackers to
9 matches
Mail list logo