Sorry to disappoint you but this RCSR is nothing else than the usual Web Application Security Hype that happens when one of the big Web2.0 websites that does something really stupid is hit by old stuff.
The "new vulnerability" discovered in Firefox was already described in 2005 in Web Application Security talks and is already covered in atleast one german PHP Security Book from 2005. Stefan Esser pagvac schrieb: > FYI, it appears this issue was reported way back in August 2006 by RSnake: > > http://ha.ckers.org/blog/20061122/programmatic-password-theft-is-back/ > > On 11/24/06, pagvac <[EMAIL PROTECTED]> wrote: > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
