Closed Bug 312964 Opened 19 years ago Closed 19 years ago

Had a question about what is being done with XSS holes.

Categories

(Firefox :: General, enhancement)

x86
Windows XP
enhancement
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 301375

People

(Reporter: gilletschko, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

I read this on PC World.com and here is only part of the article:  Teen Uses
Worm to Promote Site
 
Manipulation pushes MySpace site to record hits, but raises security concerns.

Eric Lai, Computerworld
Tuesday, October 18, 2005
  Known Vulnerability

The attack depended on a long-known but little-protected vulnerability called
cross-site scripting (XSS). XSS arises because many Web sites--apart from static
sites that use only simple HTML code--are dynamic, allowing users to manipulate
Web site source code.

Web sites and Web browsers such as Internet Explorer and Firefox try to block
such XSS holes, said Grossman. But the vulnerabilities continue to exist, for
which he blames both the browser creators and the Web site operators. 
  While both Firefox and Internet Explorer promise security enhancements in
upcoming versions, Grossman said he doubts they will entirely fix the XSS problems.


Reproducible: Didn't try
Please take discussions elsewhere, such as the mozillazine.org forums.  Marking
this as a dupe of a tracking bug (see its dependencies for some of the possible
enhancements).

*** This bug has been marked as a duplicate of 301375 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Summary: Had a question about what is being done with XSS holes. → Had a question about what is being done with XSS holes.
You need to log in before you can comment on or make changes to this bug.