Cross Context Scripting with Sage

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, webappsec@xxxxxxxxxxxxxxxxx, petea@xxxxxxx
Subject: Cross Context Scripting with Sage
From: "pdp (architect)" <pdp.gnucitizen@xxxxxxxxxxxxxx>
Date: Fri, 8 Sep 2006 21:02:03 +0100
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=googlemail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=DkfZkbmi//fgxVx68yklBqJoDJss74c7yYtdSQXPzXD/KHoSbT2AB66jzAcl2PxUgvSB1pnIN/Wjq/R4VgX8Ai4VdE6iyAP4lV8cZ4hM3zCQpUQxOkFOwET53kgT1tVUPFBDVC6LJL0hNx4e3ZdleTb5i5Rx8OLqmXkQNX9UTNw=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Cross Context Scripting in Firefox Sage Extension.
http://www.gnucitizen.org/blog/cross-context-scripting-with-sage

This proves that Firefox Extensions can be as dangerous as random
flash or quicktime media files. Moreover, the POC provides a real
example of how RSS feed Hacking really works.

--
pdp (architect)
http://www.gnucitizen.org

Prev by Date: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()
Next by Date: Re: [Full-disclosure] Re: RSA SecurID SID800 Token vulnerable by design
Previous by thread: Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()
Next by thread: [SECURITY] [DSA 1172-1] New bind9 packages fix denial of service
Index(es):
- Date
- Thread