Bug#349339: mozilla-firefox: XSS exploit through external
stylesheets (css) and xbl
Alexander Sack
asac at debian.org
Sun Jan 22 12:50:22 UTC 2006
Package: mozilla-firefox
Severity: important
Tags: security
X-Debbugs-CC: pkg-mozilla-maintainers at lists.alioth.debian.org
IMHO important, since it's a bit of a stupid idea to host stylesheets
externally - like livejournal did!
Background info here:
https://bugzilla.mozilla.org/show_bug.cgi?id=324253
http://www.davidpashley.com/cgi/pyblosxom.cgi/computing/livejournal-mozilla-bug.html
http://blogs.washingtonpost.com/securityfix/2006/01/account_hijacki.html
- Alexander
--
GPG messages preferred. | .''`. ** Debian GNU/Linux **
Alexander Sack | : :' : The universal
asac at jwsdot.com | `. `' Operating System
http://www.asoftsite.org | `- http://www.debian.org
More information about the pkg-mozilla-maintainers
mailing list