[Dshield] Frame Injection Vulnerability

mjost mjost at cox.net
Mon Jun 6 13:48:08 GMT 2005


I have noted the following advisory:

TITLE: Mozilla / Mozilla Firefox Frame Injection Vulnerability




I just tested my MS IE browser also and I found it too has the same browser
vulnerable (cross domain) enabled. Since I have never changed the cross
domain setting in the browser to enable and it has been set to minimum
setting of "default 'medium'". I do not know how this setting would have
been changed. These are current user settings.


Maybe all (or those security related) browsers settings should be only
allowed to be changed locally with admin rights or grp policy like the
ActiveX or Plugins are handled. I never really thought about it this way. 


And I wonder what all the security folks are doing about issues like this?


Just venting....


More information about the list mailing list