User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:18.104.22.168) Gecko/20070713 Firefox/22.214.171.124 Build Identifier: http://www.mozilla.org/security/announce/2007/mfsa2007-24.html Should any of the following be in the description? "Dan says: "stealing sensitive data" should be sg:high (possibly lowered to sg:moderate if it's a completely unreliable attack, involves unlikely user interaction, or not really any potential victim sites matching the criteria. There are enough ajaxy sites potentially vulnerable to stick with 'high') Boris, which is it? Can you massage this description into just the cases we know about?" Reproducible: Always Steps to Reproduce: 1. 2. 3.
Basil fixed this this morning.