Comments (119)

1 localhost commented Trackback

Seems like this could be solved pretty simply if the browsers *only* evaled things with a Content-Type of "application/x-javascript" via the

2 localhost commented Trackback

The exploit only allows an unauthorized party to read confidential data in the case where a server decides to send confidential data to unauthorized parties. Fortify has done a great job of confusing people by focusing on the wrong end of the network.

3 localhost commented Trackback

Douglas, you're right. If I understand things correctly the main danger of this exploit is that it increases the scope of the cross site request forgery attack.

Just thinking out loud:
A user authenticates with example.com via Basic Auth (or something similar). This authorizes the user to visit the protected example.com/data.txt, which happens to contain data that looks like a JavaScript array.
In the same session the user visits a page at evil.com, which uses the
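The exchange the two comments above describe (a credentialed request to a protected resource that answers with a bare JSON array, and a third-party page loading that URL with a script tag) modelled in Node, together with the two server-side changes that break it. This is an added example, not code from the original post or its comments; the handler names, the `X-Requested-With` check and the `)]}',` prefix are assumptions (the prefix is a widely used mitigation, not something the page prescribes).

```javascript
// Added example (not from the original post). Models "JavaScript hijacking":
// a bare JSON array is both valid JSON and a valid JavaScript program, so a
// cross-site <script src="https://example.com/data.txt"> executes it with the
// victim's ambient credentials. Engines of the time let the attacker capture
// the value (redefined Array constructor / setters); the structural problem
// the fixes address is that the response is executable as a script at all.

// Constructed sample data standing in for example.com/data.txt.
const DATA = [{ user: "alice", balance: 1200 }, { user: "bob", balance: 80 }];

// Simulated requests. A <script> tag carries the cookie / Basic Auth
// credentials but cannot add custom headers; a same-origin XHR/fetch can.
function scriptTagRequest() {
  return { authenticated: true, headers: {} };
}
function xhrRequest() {
  return { authenticated: true, headers: { "x-requested-with": "XMLHttpRequest" } };
}

// Vulnerable handler: anyone presenting the credential gets the bare array.
function vulnerableHandler(req) {
  if (!req.authenticated) return { status: 401, body: "" };
  return { status: 200, body: JSON.stringify(DATA) };
}

// Hardened handler: (1) require a header a cross-site <script> cannot send;
// (2) prefix the body so it is a syntax error when run as a script, even if
// the first check is somehow bypassed. Both are hypothetical choices here.
const PREFIX = ")]}',\n";
function hardenedHandler(req) {
  if (!req.authenticated) return { status: 401, body: "" };
  if (req.headers["x-requested-with"] !== "XMLHttpRequest") {
    return { status: 403, body: "" };
  }
  return { status: 200, body: PREFIX + JSON.stringify(DATA) };
}

// What a <script> tag does with the body: execute it as JavaScript.
// Returns "executed" or the thrown error's name.
function runAsScript(body) {
  try {
    new Function(body)();
    return "executed";
  } catch (e) {
    return e.name;
  }
}

// What the legitimate same-origin client does: strip the prefix, then parse.
function parseAsClient(body) {
  const json = body.startsWith(PREFIX) ? body.slice(PREFIX.length) : body;
  return JSON.parse(json);
}

// Walk through the exchange.
console.log("vulnerable, loaded by script tag:",
  runAsScript(vulnerableHandler(scriptTagRequest()).body));   // executed
console.log("hardened, loaded by script tag:",
  hardenedHandler(scriptTagRequest()).status);                 // 403
console.log("hardened body run as script:",
  runAsScript(hardenedHandler(xhrRequest()).body));            // SyntaxError
console.log("hardened body parsed by XHR client:",
  parseAsClient(hardenedHandler(xhrRequest()).body)[0].user);  // alice
```

Note that the header check is what actually keeps the data off the wire for a cross-site request, which is the point Douglas makes above: the server decides who receives the array. The prefix is defence in depth for the case where the array is sent anyway.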

4 commented Trackback

[Trackback] Patrick Mueller
