Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Jay D. Dyson (jdysontreachery.net)
Date: Sat Feb 26 2005 - 11:53:29 CST
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 26 Feb 2005, Paul wrote:
> A minor security vulnerability exists in the way that Firefox handles
> cross-domain image dragging. Dragging an image into the address bar will
> url and the page to be navigated from is in a different domain than the
> page on which the image is shown. This may potentially allow attackers
> to steal cookies, etc.
Just one question: what could possibly compel someone to drag a
broken image into their browser's location bar? I'm not trying to be a
wiseguy. I'm honestly puzzled as to why anyone would take an obviously
broken image and drag it into the browser location bar.
Side note: the behavior you describe is the same if one
> User Reccomendations:
> Do not drag images into the address bar.
they can also be dragged into the location bar.
( ( _______
)) )) .-"There's always time for a good cup of coffee"-. >====<--.
C|~~|C|~~| (>----- Jay D. Dyson -- jdysontreachery.net -----<) | = |-'
`--' `--' `-I just started World War III. You're welcome.-' `------'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.
-----END PGP SIGNATURE-----