- From: Jim Ley <jim.ley@gmail.com>
- Date: Fri, 17 Mar 2006 14:43:02 +0000
On 3/17/06, Gervase Markham <gerv at mozilla.org> wrote: > Jim Ley wrote: > > Please can you provide more information on how raw JSON is available > > from script elements? > > Apologies; it was the Array constructor, and I was slightly wrong in the > details. Here is the exploit: > http://www.webappsec.org/lists/websecurity/archive/2006-01/msg00087.html Yeah, only applies to Array, and I'm of the belief this is a Mozilla security flaw anyway, hopefully it'll be fixed soon. Thanks for including the URL in the thread too, illustrates exactly why there are security concerns introduced with this JSONRequest. Cheers, Jim.
Received on Friday, 17 March 2006 06:43:02 UTC