Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
The Firefox password manager vulnerability
Posted Nov 30, 2006 8:22 UTC (Thu) by mms (subscriber, #11532)
So, is Konqueror vulnerable to this very problem? I'm not really sure.
Posted Nov 30, 2006 9:11 UTC (Thu) by nix (subscriber, #2304)
(Why [,;!] and not ?, I wonder? The comment in the code implies that this
is working around a `potential security issue' but doesn't say what that
Posted Nov 30, 2006 9:13 UTC (Thu) by khim (subscriber, #9252)
Previous answer was much better then your long tirada. Have you even read the article ?
The problem happens not when the wrong site shows the form. Problem happens when "trusted" site allow HTML in posts! Then you can put form with TARGET="malicious site" and fqdn or not fqdn - password will be sent to cracker...
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds