On Thu, 2010-12-16 at 02:26 +1100, dave b wrote: > I hate it when some one beats me to a bug report. > https://addons.mozilla.org/en-US/firefox/user/5578717/ (this example > will only work against firefox). > The xss occurs due to no filtering / escaping the display name attribute for a > user.
Cute. Very cute. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
