[gopher] XSS in Gopher in Fx 3.6.11
Nuno J. Silva
nunojsilva at ist.utl.pt
Thu Oct 21 00:57:21 UTC 2010
Cameron Kaiser <spectre at floodgap.com> writes:
> http://www.mozilla.org/security/announce/2010/mfsa2010-68.html
>
> I'd like to see this bug, but Bugzilla has it sec-locked still. I wonder
> if OverbiteFF is vulnerable to it also (I don't think so, I tried to do
> as much as I could to sanitize it).
Security through obscurity is interesting - the bug is still locked.
I suppose that if they didn't have already decided to remove gopher
support, they'd do it now to "fix" this bug.
More information about the Gopher-Project
mailing list