meme-boi wrote: > Synopsis: > -------- > > Opera, Mozilla & Netscape with javascript enabled are vulnerable > to remote command execution. This has been tested on Microsoft, > and many many Unices. Macintosh may also be vuln.
The exploit example you give is not remote command execution but rather a violation of the same origin policy. Unless there are additional details you are withholding this same flaw was reported on Bugtraq April 15 http://www.securityfocus.com/archive/1/318777 and fixed in Mozilla 1.3 http://bugzilla.mozilla.org/show_bug.cgi?id=201132 > There are many, many more issues than I have discussed. The minimal > release is for giving the blackhats time to play. If instead you'd like to give the whitehats time to fix them details would be gratefully received by "security" at "mozilla.org" -Dan Veditz Mozilla security group member _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
