Articles récents

Catégories

juillet 2010

icon_firefox[CVE 2010-2751] SSL spoofing with history.back() and history.forward()

Advisory: Multiple location bar spoofing vulnerabilities CVE 2010-2751: SSL spoofing with history.back() and history.forward() Announced: July 20, 2010 Reporter: Jordi Chancel Impact: Moderate Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.11 – Firefox 3.6.7 – SeaMonkey 2.0.6 Description Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server