Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability

From: Stefan Esser <sesser () hardened-php net>
Date: Sat, 24 Feb 2007 09:21:51 +0100
Matthew Flaschen schrieb:

Stefan Esser wrote:
  

   Microsoft just sent a nonsense mail to us, claiming that we had
   disclosed this already to the public and that they like getting
   advance notice.
    


I mean, that's fair enough.  I mean, nobody's personality should get in
the way of fixing security vulnerabilities.  Err, I mean...
  


Well the point is they accused us somewhen in October 2006 to have
already disclosed this attack against Internet Explorer 7 to the public.
At that time IE7 was just released and we never said a word about IE7 at
all. Actually the only thing we did was announce that there is a trick
to do this with Firefox.In reality we waited 3.5 months before any
detail was made public with yesterdays advisory.

Stefan Esser

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: