Bugs :  K-Meleon Forum
You can talk about issues with k-meleon here.  
Re: FF 3.5.17 SM 2.0.12 new bugs fixed
Posted by: guenter
Date: March 10, 2011 03:03AM


Quote
mozilla.org
Independent security researcher Kuza55 and Microsoft security researcher Tom Gallagher reported that when plugin-initiated requests receive a 307 redirect response, the plugin is not notified and the request is forwarded to the new location. This is true even for cross-site redirects, so any custom headers that were added as part of the initial request would be forwarded intact across origins. This poses a CSRF risk for web applications that rely on custom headers only being present in requests from their own origin.

What is the risk of a plugin initiated request?

Are we using plugins for banking or anything risky if data are CSRFed?

Options: ReplyQuote


K-Meleon forum is powered by Phorum.