|
|
RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS): msg#00429security.bugtraq
> Demonstration: > ============== > > A fully dynamic proof-of-concept demonstration > of this issue is available at > http://security.greymagic.com/adv/gm001-ns/. As some of you may have noticed, the above proof-of-concept does not work in Mozilla 1.0 Release Candidate 1. Don't get your hopes high about this though, the issue has not been fixed in moz1rc1 - the XMLHttpRequest was simply broken in this version of the browser for unknown reasons, a fact not mentioned in the release notes. When trying to use it, either nothing happens or the browser crashes. The proof-of-concept works just fine in Mozilla 0.9.9 (and NS6.1+), and would work fine in moz1rc1 if the XMLHttpRequest object could be used at all. The Mozilla XML-Extras project also includes a document.load method that is used to load XML documents. The same issue applies to this method, and a proof-of-concept demonstration that also works in moz1rc1 can be found at http://jscript.dk/2002/4/NS6Tests/documentload.html Regards Thor Larholm Jubii A/S - Internet Programmer |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | SuSE Security Announcement: sudo (SuSE-SA:2002:014): 00429, Sebastian Krahmer |
|---|---|
| Next by Date: | ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor: 00429, X-Force |
| Previous by Thread: | RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)i: 00429, Rui Miguel Silva Seabra |
| Next by Thread: | KPMG-2002016: Bea Weblogic incorrect URL parsing issues: 00429, Peter Gründl |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |