The Unbearable Lightness Of Non-Fixing: A Short Study in Security Reactiveness And Proactiveness

Roughly 100 days after the Binary Planting (a.k.a. DLL hijacking, DLL preloading, Insecure Library Loading) vulnerability has been (re)discovered in hundreds of Windows applications (and likely undiscovered in thousands more), we've taken a unique opportunity to compare software vendors' fixing

Mozilla Firefox 3.6.12 Denial of Service Vulnerability

PoC: body onload=location='';alert('DoS'); By: Pouya Daneshmand Advisory: http://securitylab.ir/Advisories/Firefox%203.6.12%20Denial%20of%20Service%20Vulnerability.txt

[eVuln.com] Multiple XSS in MCG GuestBook

New eVuln Advisory: Multiple XSS in MCG GuestBook Summary: http://evuln.com/vulns/144/summary.html Details: http://evuln.com/vulns/144/description.html ---Summary--- eVuln ID: EV0144 Software: MCG GuestBook Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross

[eVuln.com] email XSS in SimpLISTic

New eVuln Advisory: email XSS in SimpLISTic Summary: http://evuln.com/vulns/145/summary.html Details: http://evuln.com/vulns/145/description.html ---Summary--- eVuln ID: EV0145 Software: SimpLISTic Vendor: Mrcgiguy Version: 2.0 Critical Level: low Type: Cross Site

Re: Mozilla Firefox 3.6.12 Denial of Service Vulnerability

body onload=location='';alert('DoS'); Welcome to the world of browsers. You could just as easily do while(1) alert(1). See: http://code.google.com/p/browsersec/wiki/Part2#Defenses_against_disruptive_scripts /mz