Dear Paul, thanks for the information.
On Saturday 01 December 2007, you wrote:
> > If you can exploit that with Firefox, Firefox should be fixed.
> > Can you give more details? I would be very interested.
>
> Will do, offline (because it affects the main web login site of my
> Uni). Essentially, I found that Firefox will inherit the charset of
> the parent page, when that had been selected manually (does not
> inherit the charset specified in headers or meta). I guess this is
> a "new" bug in Firefox, maybe they should be told...

This would require some social engineering but could probably be exploited in some cases. I think reporting it to the Firefox bugzilla would be a good idea.

> > If it affects only one buggy browser, it's low impact. ...
>
> If that buggy browser is IE, used by 90% of the (deluded)
> population, then is it not low impact.

I have committed the patch to our SVN repository for etch. It will probably be released with etch r3 (or maybe r2, if that is delayed further). I still do not think it is important enough for a security advisory.

Cheers,
Stefan