logo
DATABASE RESOURCES PRICING ABOUT US

[FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS)

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FLOCK-SA-2010-03 http://flock.com/security/ Title: javascript: url with a leading NULL byte can bypass cross origin protection (XSS) Impact: High Announced on: 2010-09-09 Affected Products: Flock 3 versions prior to 3.0.0.4112 CVEs (cve.mitre.org): CVE-2010-1236 Details: A javascript: url with a leading NULL byte can bypass cross origin protection, which has unspecified impact and remote attack vectors. Credit to kuzzcc (for Chromium) and Lostmon Lords (for Flock). References: https://bugs.webkit.org/show_bug.cgi?id=35948 http://code.google.com/p/chromium/issues/detail?id=37383 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJMj6snAAoJEPzFtDWO6ceqQ9sQAJdW6oNQqL5QglNP53pQ17Be LnwWdsAQ8vNtUwlGvBJnlSbVELXtR1TnrJ8DQiUH+qgWqiiSUPQmoTb1O6wE4rXZ tyLZAmCK4vjZdonJQ4Cb2vx+QT+aSd7r+14E1JESjQBE3t8iVirFeElVNS8Jui2l /C++r3nQI0BLK6fc9eQzxHp7eBXCcu7YGw24QMA+xmkagJEI7a4Ijio36Gh7huqJ 6nwzZNYccl0aziepnTN9vC1C/z8/xEVBMjJv9K3SZ3n3Xdth2LfmC9Zl+7OP57Sb LhZUgkTQsE4spsd7BFUfIkB3fbGH1m3X9SnmR6enDuN1bd0nxML95FZGz6jHnMhz Kw0Gj02D/25QPe4bdwvuR5C//xxms4bd6Sku27tEaYHzfiqS3MzkAhbgiHKJtukP 5qn3EmwWGVnWUnw30+jUyKfcnsKrJ2991vYseP3dOEMNL4YDz8hPnCYPxnHUDpIz YX9E8XNHOg5l6fnRLWTnRkeeQqMWZC+1XsMkoOe7Yj5Gx2aylK13N8flFx7Jk/vZ lHYSGYiymFmFqjjCIGIddXbTvW3D/rEboTxwoMkUXdq9rCwUIRHA8k8zOS709tqY lLg5+vsah2PT5WD1MJCzke3fQmr+g35Jfqppa/x9nEWhHsWBSBsZfFTCXL9lWz6w fqrdrSEPNI2jMVBTeVeC =/KZw -----END PGP SIGNATURE-----


Related