|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
From: Stefan Esser (sesser
hardened-php.net)
Date: Sat Feb 24 2007 - 02:21:51 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Matthew Flaschen schrieb:
> Stefan Esser wrote:
>
>> Microsoft just sent a nonsense mail to us, claiming that we had
>> disclosed this already to the public and that they like getting
>> advance notice.
>>
>
> I mean, that's fair enough. I mean, nobody's personality should get in
> the way of fixing security vulnerabilities. Err, I mean...
>
Well the point is they accused us somewhen in October 2006 to have
already disclosed this attack against Internet Explorer 7 to the public.
At that time IE7 was just released and we never said a word about IE7 at
all. Actually the only thing we did was announce that there is a trick
to do this with Firefox.In reality we waited 3.5 months before any
detail was made public with yesterdays advisory.
Stefan Esser
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]