Comments on: New Firefox cookie vulnerability, workaround http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/ Your source for Mozilla news, tips, reviews, and more. Thu, 18 Mar 2010 00:33:56 -0700 http://wordpress.org/?v=2.9.2 hourly 1 By: 幻想的世界 http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/comment-page-1/#comment-7627 幻想的世界 Sat, 17 Feb 2007 05:07:56 +0000 http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/#comment-7627 <strong>Firefox 2.0.0.1 安全性漏洞</strong> 今天在 Mozilla Taiwan 討論區 發現了這個漏洞的消息。這漏洞主要是因為對 DOM ( Document Object Model ) çš„ “location.hostname” 屬性的處理不當,以致於惡意的網站,有機會可以取得其他網站的 Co... Firefox 2.0.0.1 安全性漏洞

今天在 Mozilla Taiwan 討論區 發現了這個漏洞的消息。這漏洞主要是因為對 DOM ( Document Object Model ) çš„ “location.hostname” 屬性的處理不當,以致於惡意的網站,有機會可以取得其他網站的 Co…

]]> By: Percy Cabello http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/comment-page-1/#comment-7579 Percy Cabello Sat, 17 Feb 2007 00:40:56 +0000 http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/#comment-7579 I noticed that the new preference is not listed in about:config after adding it during my tests but forgot to mentioned it in the article. However I see it in my prefs.js file and I could remove it from there at any time if necessary. Haven't tried it with NoScript installed though. I noticed that the new preference is not listed in about:config after adding it during my tests but forgot to mentioned it in the article. However I see it in my prefs.js file and I could remove it from there at any time if necessary.

Haven’t tried it with NoScript installed though.

]]> By: JS http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/comment-page-1/#comment-7575 JS Sat, 17 Feb 2007 00:04:40 +0000 http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/#comment-7575 Also if I add it to Prefs.js with Firefox closed firefox removes the line when I launch it. Is NoScript doing this? Also if I add it to Prefs.js with Firefox closed firefox removes the line when I launch it. Is NoScript doing this?

]]> By: JS http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/comment-page-1/#comment-7569 JS Fri, 16 Feb 2007 23:41:07 +0000 http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/#comment-7569 I have added this item in about:config and used the test site to see if it worked. Says I'm ok but I cannot see it in about:config. Does it hide itself, can it be removed if its proved troublesome? Thanks JS I have added this item in about:config and used the test site to see if it worked. Says I’m ok but I cannot see it in about:config. Does it hide itself, can it be removed if its proved troublesome?

Thanks
JS

]]> By: ericsk’s blog » Firefox 2.0.0.1 的安全漏洞 http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/comment-page-1/#comment-7389 ericsk’s blog » Firefox 2.0.0.1 的安全漏洞 Fri, 16 Feb 2007 00:22:44 +0000 http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/#comment-7389 [...] Firefox 2.0.0.1 被發現有安全上的漏洞:New Firefox cookie vulnerability, workaround,以及 Bug report:Zalewski cookie setting / same-domain bypass [...] [...] Firefox 2.0.0.1 被發現有安全上的漏洞:New Firefox cookie vulnerability, workaround,以及 Bug report:Zalewski cookie setting / same-domain bypass [...]

]]> By: Firefox 2.0.0.1 安全漏洞 at Gea-Suan Lin’s BLOG http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/comment-page-1/#comment-7372 Firefox 2.0.0.1 安全漏洞 at Gea-Suan Lin’s BLOG Thu, 15 Feb 2007 21:49:14 +0000 http://mozillalinks.org/wp/2007/02/new-firefox-cookie-vulnerability-workaround/#comment-7372 [...] Firefox 2.0.0.1 因為對 DOM 的處理不當造成 Cookie 外漏以及其他的安全漏洞:New Firefox cookie vulnerability, workaround,Bug Report 在 Bugzilla@Mozilla çš„ Zalewski cookie setting / same-domain bypass [...] [...] Firefox 2.0.0.1 因為對 DOM 的處理不當造成 Cookie 外漏以及其他的安全漏洞:New Firefox cookie vulnerability, workaround,Bug Report 在 Bugzilla@Mozilla çš„ Zalewski cookie setting / same-domain bypass [...]

]]>