Re: XMB cross-scripting vulnerability: msg#00388 security.bugtraq

In-Reply-To: <.iD6VJLPQh16WL2@xxxxxxxxxxxx>

Actually, the subject message WAS accurate insome respects, however, it is NOT
true at this
point. In February, there was a pre-beta version being used on the XMB support
forum, and that
version DID indeed have the javascript security flaw. When several people,
including, I suspect,
the poster of the original message repeatedly used that exploit to showthe
vulnerabilty, the
current developers of version1.6 made theneeded cahnges, and the hole no longer
exists.

Version1.6 is now in a final beta, and that security hole, along with another
that we beta testers
found, has been closed.

Joe McManus, XMB 1.6 Beta Tester.

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	RE: KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS: 00388, Andrew Kunz
Next by Date:	Re: ecartis / listar PoC: 00388, John Madden
Previous by Thread:	[CLA-2002:476] Conectiva Linux Security Announcement - webalizeri: 00388, secure
Next by Thread:	IndiaTimes.com - Email - Session hijacking and Inbox Blocking: 00388, Giri Sandeep
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

RE: KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS: 00388, Andrew Kunz

Next by Date:

Re: ecartis / listar PoC: 00388, John Madden

Previous by Thread:

[CLA-2002:476] Conectiva Linux Security Announcement - webalizeri: 00388, secure

Next by Thread:

IndiaTimes.com - Email - Session hijacking and Inbox Blocking: 00388, Giri Sandeep

Indexes:

[Date] [Thread] [Top] [All Lists]