Multiple Browser FTP Client Cross-Site scripting weakness

Started by Mr. Analog, October 31, 2008, 09:23:47 AM

Previous topic - Next topic

Mr. Analog

This came across our security alert wire...

Platform: Web Application - Cross Site Scripting
Title: Multiple Vendor Web Browser FTP Client Cross-Site Scripting
Description: Multiple vendors' web browsers are exposed a cross-site
scripting issue that arises because the software fails to handle
specially crafted files served using the FTP protocol. Specifically,
the issue arises because the affected browsers fail to properly verify
file types of files downloaded by built-in FTP clients and render the
files.
Ref: http://www.securityfocus.com/bid/31855
By Grabthar's Hammer