Closed
Bug 312964
Opened 19 years ago
Closed 19 years ago
Had a question about what is being done with XSS holes.
Categories
(Firefox :: General, enhancement)
Tracking
()
RESOLVED
DUPLICATE
of bug 301375
People
(Reporter: gilletschko, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 I read this on PC World.com and here is only part of the article: Teen Uses Worm to Promote Site Manipulation pushes MySpace site to record hits, but raises security concerns. Eric Lai, Computerworld Tuesday, October 18, 2005 Known Vulnerability The attack depended on a long-known but little-protected vulnerability called cross-site scripting (XSS). XSS arises because many Web sites--apart from static sites that use only simple HTML code--are dynamic, allowing users to manipulate Web site source code. Web sites and Web browsers such as Internet Explorer and Firefox try to block such XSS holes, said Grossman. But the vulnerabilities continue to exist, for which he blames both the browser creators and the Web site operators. While both Firefox and Internet Explorer promise security enhancements in upcoming versions, Grossman said he doubts they will entirely fix the XSS problems. Reproducible: Didn't try
Comment 1•19 years ago
|
||
Please take discussions elsewhere, such as the mozillazine.org forums. Marking this as a dupe of a tracking bug (see its dependencies for some of the possible enhancements). *** This bug has been marked as a duplicate of 301375 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Summary: Had a question about what is being done with XSS holes. → Had a question about what is being done with XSS holes.
You need to log in
before you can comment on or make changes to this bug.
Description
•