Bugs
: K-Meleon Forum
You can talk about issues with k-meleon here. But please, for confirmed bugs, use the bug tracker to report and give feedback on bugs.
Goto:
Forum List
•
Message List
•
Search
•
Log In
Your Name:
Subject:
Help information
BBcode help
Smileys help
[quote=guenter] [quote=ndebord] http://www.mozilla.org/security/announce/2011/mfsa2011-10.html http://www.mozilla.org/security/announce/2011/mfsa2011-08.html[/quote] [quote=mozilla.org] Independent security researcher Kuza55 and Microsoft security researcher Tom Gallagher reported that when plugin-initiated requests receive a 307 redirect response, the plugin is not notified and the request is forwarded to the new location. This is true even for cross-site redirects, so any custom headers that were added as part of the initial request would be forwarded intact across origins. This poses a CSRF risk for web applications that rely on custom headers only being present in requests from their own origin. [/quote] What is the risk of a plugin initiated request? Are we using plugins for banking or anything risky if data are CSRFed?[/quote]
[Please Enable JavaScript]
K-Meleon forum is powered by
Phorum
.
Home/News
Screenshots
Download
Documentation
Resources
Get Involved
Forum
Bugs
Development
