I was recently taking a look at Konquerer and spotted an example of universal XSS. Essentially, the error page displayed when a requested URL is not available includes said URL. If said URL includes HTML fragments these will be rendered. CVE-2010-2952 has been assigned to this issue.
Tim -- Tim Brown <mailto:t...@nth-dimension.org.uk> <http://www.nth-dimension.org.uk/>
NDSA20110321.txt.asc
Description: PGP signature
signature.asc
Description: This is a digitally signed message part.
