Tue, 5 Jun 2007

12:15 AM - IE 6/7 and Firefox 2 Vulnerable

Yet again we see a full disclosure for the two most popular web browsers.  The nature of the web makes it difficult to secure browsers or websites.  The common convention to secure an application is to figure out all the possible types of user input and then create a white list.  With Unicode there thousands of characters from numerous languages to consider.  How do you create a whitelist or even a blacklist for all times of input?  These vulnerabilities deal with iframes, tricking users with keyboard input and other issues. 

0 comments