Complete.Org: Mailing Lists: Archives: gopher: April 2008:
[gopher] OverbiteFF new version ready -- upgrade *strongly* advised
Home

[gopher] OverbiteFF new version ready -- upgrade *strongly* advised

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: gopher@xxxxxxxxxxxx
Subject: [gopher] OverbiteFF new version ready -- upgrade *strongly* advised
From: Cameron Kaiser <spectre@xxxxxxxxxxxx>
Date: Wed, 2 Apr 2008 21:06:47 -0700 (PDT)
Reply-to: gopher@xxxxxxxxxxxx

Firefox 3.0b5 came out, which is serendipitous, because I discovered a bug in
OverbiteFF this afternoon which can use a malformed selector to inject
arbitrary HTML or JS into the gopher menu->HTML converter. Fortunately we have
no such malicious servers out there as of yet, and any code injected with this
method would not run chromed, but this bug is now corrected along with
another one that sometimes put a spurious port -1 into the navigation system.
It has also been tested against 3.0b5 and seems to otherwise work fine.

For ease in identifying updates, the about:overbite now shows a build number.
This version should be build 1286.

Any beta user of OverbiteFF is advised to update.

        gopher://gopher.floodgap.com/9/overbiteff.xpi

-- 
------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckaiser@xxxxxxxxxxxx
-- Intel outside -- 6502 inside! ----------------------------------------------



[Prev in Thread] Current Thread [Next in Thread]