Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords

To:	quincy@gmail.com
Subject:	Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip
From:	3APA3A <3APA3A@SECURITY.NNOV.RU>
Date:	Thu, 21 Dec 2006 18:23:26 +0300
Cc:	bugtraq@securityfocus.com
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	bugtraq-list@securepoint.com
Delivered-to:	mailing list bugtraq@securityfocus.com
Delivered-to:	moderator for bugtraq@securityfocus.com
In-reply-to:	<20061220100254.8796.qmail@securityfocus.com>
List-help:	<mailto:bugtraq-help@securityfocus.com>
List-id:	<bugtraq.list-id.securityfocus.com>
List-post:	<mailto:bugtraq@securityfocus.com>
List-subscribe:	<mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list:	contact bugtraq-help@securityfocus.com; run by ezmlm
Organization:	http://www.security.nnov.ru
References:	<20061220100254.8796.qmail@securityfocus.com>
Reply-to:	3APA3A <3APA3A@SECURITY.NNOV.RU>

Dear quincy@gmail.com,

It's

https://bugzilla.mozilla.org/show_bug.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&id=360493

and  it  was  discussed. It can only steal password from the site if site
allows to upload form or has crossite scripting errors.

--Wednesday, December 20, 2006, 1:02:54 PM, you wrote to 
bugtraq@securityfocus.com:

qgc> critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a 
videoclip
qgc> PoC here: http://www.info-svc.com/news/11-21-2006/rcsr1/


-- 
~/ZARAZA
http://www.security.nnov.ru/

<Prev in Thread]	Current Thread	[Next in Thread>
critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, quincy Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, 3APA3A <= Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Juha-Matti Laurio Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Thierry Zoller

Previous by Date:	Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Alexander Sotirov
Next by Date:	SQID v0.1 - SQL Inhection Digger., contact
Previous by Thread:	critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, quincy
Next by Thread:	Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Juha-Matti Laurio
Indexes:	[Date] [Thread] [Top] [All Lists]