Articles in “Vulnerabilities”

chrome protocol directory traversal

Issue A vulnerability in the chrome protocol scheme allows directory traversal when a “flat” add-on is present resulting in potential information disclosure. Impact When a chrome package is “flat” rather … Read more

BasicAuth dialog realm value spoofing

Issue The realm value in a basic authentication dialog may be spoofed by a attacker to trick users into thinking the authentication request is coming from a different, trusted site. … Read more

jar: Protocol XSS Security Issues

Issue jar: protocol is not restricted to java archives and will open any zip format file. An attacker can use this to evade filtering on sites that allow users to … Read more

Firefox now available

Firefox was released this afternoon to patch the QuickTime issue described here. This will protect Firefox users from the public critical security vulnerability until a patch is available from … Read more

Firefox now available

We’ve just released Firefox which contains a security patch to mitigate the issue described here. The patch enables percent-encoding for spaces and double-quotes in URIs handed off to external … Read more

Zalewski reports bugs in Firefox

The bugs Michael Zalewski posted to full-disclosure yesterday are getting some attention in the press. The information below is intended to provide some clarity on the severity of these issues … Read more