Closed Bug 312964 Opened 20 years ago Closed 20 years ago

Had a question about what is being done with XSS holes.

Categories

(Firefox :: General, enhancement)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 301375

People

(Reporter: gilletschko, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 I read this on PC World.com and here is only part of the article: Teen Uses Worm to Promote Site Manipulation pushes MySpace site to record hits, but raises security concerns. Eric Lai, Computerworld Tuesday, October 18, 2005 Known Vulnerability The attack depended on a long-known but little-protected vulnerability called cross-site scripting (XSS). XSS arises because many Web sites--apart from static sites that use only simple HTML code--are dynamic, allowing users to manipulate Web site source code. Web sites and Web browsers such as Internet Explorer and Firefox try to block such XSS holes, said Grossman. But the vulnerabilities continue to exist, for which he blames both the browser creators and the Web site operators. While both Firefox and Internet Explorer promise security enhancements in upcoming versions, Grossman said he doubts they will entirely fix the XSS problems. Reproducible: Didn't try
Please take discussions elsewhere, such as the mozillazine.org forums. Marking this as a dupe of a tracking bug (see its dependencies for some of the possible enhancements). *** This bug has been marked as a duplicate of 301375 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Summary: Had a question about what is being done with XSS holes. → Had a question about what is being done with XSS holes.
You need to log in before you can comment on or make changes to this bug.