Simpliciti Locked Browser Jail Breakout Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Simpliciti Locked Browser Jail Breakout Vulnerability
From: dc@xxxxxxxxxxxxxx
Date: 22 Aug 2006 16:35:43 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

>From vendor: 

In order to access this vulnerabilty, the user has to intentional visit a page 
which has intentional created the malious exit javascript.

The product has many security functions built in to prevent this occuring. 
The products setting screens allow the product to easily prevent this occuring, 
by setting the main URl to URL that does not allow access to out side web 
sites, additional site restrictions can be entered to ensure that a user cannot 
access anything but the desired pages or sites.

The issue will be fixed in the next release of the product, but in the mean 
time is entirely preventable in any normal type of implementation of the 
product.

Prev by Date: Vendor Statement: fixed Mobotix IP Network Cameras Multiple XSS bug
Next by Date: EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable
Previous by thread: Simpliciti Locked Browser Jail Breakout Vulnerability
Next by thread: TSEP <= 0.942 Remote File Include
Index(es):
- Date
- Thread