0 Members and 1 Guest are viewing this topic.
Multiple vendors' web browsers are prone a cross-site scripting vulnerability that arises because the software fails to handle specially crafted files served using the FTP protocol.Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an FTP session. This may allow the attacker to perform malicious actions in a user's browser or redirect the user to a malicious site; other attacks are also possible.
Totally BS! It is only FF that is vulnarable...
Multiple Vendor Web Browser FTP Client Cross Site Scripting WeaknessBugtraq ID: 31855Class: Design ErrorCVE: CVE-2008-4723CVE-2008-4724Remote: YesLocal: NoPublished: Oct 21 2008 12:00AMUpdated: Nov 04 2008 09:25PMCredit: Muris KurgasVulnerable: Mozilla Firefox 3.0.3Mozilla Firefox 3.0.2Mozilla Firefox 3.0.1Microsoft Internet Explorer 7.0+ Microsoft Windows Vista Ultimate+ Microsoft Windows Vista Ultimate+ Microsoft Windows Vista Ultimate+ Microsoft Windows Vista Home Premium+ Microsoft Windows Vista Home Premium+ Microsoft Windows Vista Home Premium+ Microsoft Windows Vista Home Premium+ Microsoft Windows Vista Home Premium+ Microsoft Windows Vista Home Basic+ Microsoft Windows Vista Home Basic+ Microsoft Windows Vista Home Basic+ Microsoft Windows Vista Home Basic+ Microsoft Windows Vista Home Basic+ Microsoft Windows Vista Enterprise+ Microsoft Windows Vista Enterprise+ Microsoft Windows Vista Enterprise+ Microsoft Windows Vista Enterprise+ Microsoft Windows Vista Enterprise+ Microsoft Windows Vista Business+ Microsoft Windows Vista Business+ Microsoft Windows Vista Business+ Microsoft Windows Vista Business+ Microsoft Windows Vista Business+ Microsoft Windows Vista 0+ Microsoft Windows Vista 0+ Microsoft Windows Vista 0+ Microsoft Windows Vista 0+ Microsoft Windows Vista 0Google Chrome 0.2.149 30Apple Safari 3
...and if you check you will see that FF is the (if it comes to security) the worst browser from the big 4 (IE, FF, Opera, Safari)