[security] document.domain
gaz_sec at hushmail.com
gaz_sec at hushmail.com
Fri Jun 29 15:09:09 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all again
I have also released details of a Safari beta vulnerability:-
www.thespanner.co.uk/2007/06/29/safari-same-origin-hole/
Basically the document.domain property can be manipulated on IE6,
IE7 and Safari so it would be of great concern for OpenID
providers. This is why I suggest always asking for a password on a
site confirmation.
Cheers
Gareth
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5
wpwEAQECAAYFAkaFIEoACgkQrR8fg3y/m1Di5AP/VTN/OOmmolhK+rdTGczl0nOY4oCy
rg+uTjlYIX6yltTQyy2GD7sj2YgZg+wfwC6ov6yMY6//Opi3r5fSIiGME0Mhj+mplA+l
uizHW6iLCyI8AqsCDQqIAthSWmi6R/ZhOdFUWaMq1qduwzJ6hX56GTouvedykUnwPSM5
uFzB7sM=
=a28B
-----END PGP SIGNATURE-----
--
Need cash? Apply now for a credit loan with fast approval
http://tagline.hushmail.com/fc/Ioyw6h4d9GwEm0FPs58JLYOkiKVDgahgMOjrFD5eoajaeMrbyrXHXm/
More information about the security
mailing list