[Webkit-unassigned] [Bug 68560] [Qt] HTTP header injection vulnerability (QWebPage::userAgentForUrl)

bugzilla-daemon at webkit.org
Wed Sep 21 13:56:40 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=68560


Ademar Reis <ademar.reis at openbossa.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ademar.reis at openbossa.org




--- Comment #3 from Ademar Reis <ademar.reis at openbossa.org>  2011-09-21 13:56:40 PST ---
I fail to see an attack scenario... How could an attacker provide the user-agent? Maybe I'm missing a feature from your PhantomJS, or maybe you don't want to trust the end user at all? Could you please provide a real world attack scenario?

Finally, if this (or any other bug you find) is indeed a security vulnerability, please open a bug against the Security component. This way the bug is kept private while we fix it and give some time to all vendors to fix their applications and distribute the patches to end users (in this case the only vendor would be QtWebKit).

More details about the WebKit security policy here: http://www.webkit.org/security/
