Exploit за Firebug

December 29, 2007

Прочетете това, ако ползвате полезния плъгин за Firefox. Гаднярско е, точно tool за програмисти да е vulnerable.

Публикувано в: Гърнето с боба 1 коментар RSS 2.0

Ако постът ви харесва, цъкнете на сърцето:


1 коментар на “Exploit за Firebug”

  1. Симеон Чиков on January 9th, 2008 10:01

    Joe Hewitt,
    April 6th, 2007 at 3:44

    I have fixed this issue and and released 1.04.

    As you suggested, I now escape all text before inserting it into HTML, rather than leaving it up to the caller. I’ve also added support for disabling file: urls.

    I hope there aren’t any more vulnerabilities to be found, but if there are, please give me a day to patch it before you publish. I do appreciate you taking the time to make Firebug more secure, but it’s better for everyone to have the patch surface before the exploit.

    It is a good think that Firefox has an automatic update system, so every Firebug user should be secured within a few days.

Оставете отговор