Nick Gearls wrote:
> Cross-site scripting (XSS) vulnerability when displaying the 403
Forbidden error page
I can't find any info about this issue on the site.
I guess this could also touch some other error numbers (404, ...).
Any patch to fix this ?
Btw, is there a way to be notified about security issues ?
Couldn't we add a RSS flux to the security page ?
As this is an IE vulnerability, it was not noted. Once fixed, your browser
users continue to be exploitable as long as UTF-7 is a recognized encoding.
Only the particular application changes.
