Simon Willison’s Weblog

Subscribe
Atom feed for vulnerability

5 items tagged “vulnerability”

2010

Jeremiah Grossman: I know who your name, where you work, and live. Appalling unfixed vulnerability in Safari 4 and 5 —if you have the “AutoFill web forms using info from my Address Book card” feature enabled (it’s on by default) malicious JavaScript on any site can steal your name, company, state and e-mail address—and would be able to get your phone number too if there wasn’t a bug involving strings that start with a number. The temporary fix is to disable that preference.

# 22nd July 2010, 8:44 am / apple, autocomplete, browsers, exploit, safari, security, vulnerability, recovered

2009

Major IE8 flaw makes ’safe’ sites unsafe. IE8 has an XSS protection feature which rewrites potentially harmful code in HTML pages—I think it looks for suspicious input in query strings which appears to have been output directly on the page. Unfortunately it turns out there’s a flaw in the feature that can allow attackers to rewrite safe pages to introduce XSS flaws. Google are serving all of their pages with the X-XSS-Protection: 0 header. Until the fix is released, that’s probably a good idea.

# 22nd November 2009, 3:34 pm / xss, ie8, security, xssfilter, microsoft, vulnerability

2007

Django security fix released. Django’s internationalisation system has a denial of service hole in it; you’re vulnerable if you are using the i18n middleware. Fixes have been made available for trunk, 0.96, 0.95 and 0.91.

# 26th October 2007, 9:47 pm / django, security, vulnerability, python, i18n, internationalisation, denialofservice

Google GMail E-mail Hijack Technique. Apparently Gmail has a CSRF vulnerability that lets malicious sites add new filters to your filter list—meaning an attacker could add a rule that forwards all messages to them without your knowledge.

# 27th September 2007, 10:29 am / gmail, security, google, csrf, vulnerability

The Adobe PDF XSS Vulnerability. If you host a PDF file anywhere on your site, you’re vulnerable to an XSS attack due to a bug in Acrobat Reader versions below 8. The fix is to serve PDFs as application/octet-stream to avoid them being displayed inline.

# 11th January 2007, 4:23 pm / security, adobe, pdf, vulnerability, xss