[Webkit-unassigned] [Bug 68560] [Qt] HTTP header injection vulnerability (QWebPage::userAgentForUrl)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Sep 21 14:04:22 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=68560
Robert Hogan <robert at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |robert at webkit.org
--- Comment #4 from Robert Hogan <robert at webkit.org> 2011-09-21 14:04:22 PST ---
This is an interesting find, but I agree with Ademar it's not a vulnerability. If a client is allowing third-party code to set the UA there isn't much additional leverage to be had from adding a new header. Still worth fixing though.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list