carl hardwick wrote: > Found a lof of sites exploiting Firefox URI vulnerability!!!
Maybe I'm getting to these sites after they've been cleaned up, or maybe I'm just missing it, but what exactly are they exploiting and how? I don't see anything that looks like the recent announced Firefox URI problems (no firefoxurl: URIs, no %00 or double-quotes in URIs). One site did try to download a probably-malicious "codec.exe", but that was a simple "location=" trick that works on any browser (a save dialog came up). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
