logo
DATABASE RESOURCES PRICING ABOUT US

[FLOCK-SA-2010-01] Flock Browser: A malformed favourite can bypass cross origin protection (XSS)

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FLOCK-SA-2010-01 http://flock.com/security/ Title: A malformed favourite can bypass cross origin protection (XSS) Impact: Moderate Announced on: 2010-09-09 Affected Products: Flock 3 versions prior to 3.0.0.4094 CVEs (cve.mitre.org): CVE-2010-3202 Details: A malformed favourite imported from an HTML file, imported from another browser, or manually created can bypass cross-origin protection, which has unspecified impact and attack vectors. Credit to Lostmon Lords. References: http://www.securityfocus.com/archive/1/513214 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJMj6pnAAoJEPzFtDWO6ceq30QP/2E5J1fKuOBHA+0e8+1gjwsB kNoGmnGKRMzhG2wK0gtC1PVsQWCZs+PFNg9zC9uiwMosp4NuZ4gWmB19dmfyESzK hMxc4YHhbhizpiG089jVdB6bckSZz25M1HTdAsQC46ok5yijCzuaffoZ6lIuvzst p1mjK70k7yQLyzBdNiS89BF7XLy+jlXcJMUq+ZB+ozxIPoZlrDuEvRdRgJ7yZ1bU wUEIQd8zO9ZKwR9gEOlBoClqIKaNoNz2PeIGCAi0LB4qWpdRuzauk/1gZ7cuYXE8 VWBKqz7CcJ6rC2VRDCpM3QPGRJp9OZHBdh40DibCTPjw6B58BKbOvsP+aJKj30A0 om01tQxtdNYiEebmhk0K07BxpULLlM8iLGKabpFkf0+YhYmJzXA+fq4dW0UIFFPm fjphwUciAIDhDMqMHKZkHrh4wugPVYeRUvHvQ4uL2qHs30O5LOhZXk9rzsifUUnH yRpWShj++lNYNi59fz07KLHeY0X9bdMsgTIhICkFdRDHmDLldkeg82qwt7jD/CCY hA68OlGL/jks9j9YqRBEZSIK5nc7Wc2mULqoM1r27MHMmAA/VLWyBcr1wIXBwgdE BlywqDW5y1ojZjHHaUIVoXjkxIgY5hqct1yY1/D7q+f5TDrCtXvm6OdkPmFTdWhP V4mPpfWMQVWr/JWlSAbk =HfQE -----END PGP SIGNATURE-----


Related