Comments on: New Firefox cookie vulnerability, workaround

By: 幻想的世界

幻想的世界 — Sat, 17 Feb 2007 05:07:56 +0000

Firefox 2.0.0.1 安全性漏洞

今天在 Mozilla Taiwan 討論區發現了這個漏洞的消息。這漏洞主要是因為對 DOM ( Document Object Model ) 的 “location.hostname” 屬性的處理不當，以致於惡意的網站，有機會可以取得其他網站的 Co…

By: Percy Cabello

Percy Cabello — Sat, 17 Feb 2007 00:40:56 +0000

I noticed that the new preference is not listed in about:config after adding it during my tests but forgot to mentioned it in the article. However I see it in my prefs.js file and I could remove it from there at any time if necessary.

Haven’t tried it with NoScript installed though.

By: JS

JS — Sat, 17 Feb 2007 00:04:40 +0000

Also if I add it to Prefs.js with Firefox closed firefox removes the line when I launch it. Is NoScript doing this?

By: JS

JS — Fri, 16 Feb 2007 23:41:07 +0000

I have added this item in about:config and used the test site to see if it worked. Says I’m ok but I cannot see it in about:config. Does it hide itself, can it be removed if its proved troublesome?

Thanks
JS

By: ericsk’s blog » Firefox 2.0.0.1 的安全漏洞

ericsk’s blog » Firefox 2.0.0.1 的安全漏洞 — Fri, 16 Feb 2007 00:22:44 +0000

[...] Firefox 2.0.0.1 被發現有安全上的漏洞：New Firefox cookie vulnerability, workaround，以及 Bug report：Zalewski cookie setting / same-domain bypass [...]

By: Firefox 2.0.0.1 安全漏洞 at Gea-Suan Lin’s BLOG

Firefox 2.0.0.1 安全漏洞 at Gea-Suan Lin’s BLOG — Thu, 15 Feb 2007 21:49:14 +0000

[...] Firefox 2.0.0.1 因為對 DOM 的處理不當造成 Cookie 外漏以及其他的安全漏洞：New Firefox cookie vulnerability, workaround，Bug Report 在 Bugzilla@Mozilla 的 Zalewski cookie setting / same-domain bypass [...]