[Full-disclosure] Firefox3 offline support speculations
Denis Jedig
seclists at syneticon.de
Tue Feb 20 19:01:56 GMT 2007
On Tue, 20 Feb 2007 11:11:56 +0000 pdp (architect) wrote:
> http://www.gnucitizen.org/blog/firefox-offline
| If GMAIL is affected by some kind of Cross-site scripting vulnerability,
| can the attacker permanently plug malicious code inside the application
| offline source base.
Where is the specific risk[1] in that if you can separate the loader
from the execution engine[2]?
[1] that is, some implication going beyond what cross-site scripting is
capable of in a modern Ajax online application
[2] i.e. you will be forced to load the most recent version of the code
off the site when online
--
Denis Jedig
syneticon networks GbR http://syneticon.net/service/
Full-Disclosure is hosted and sponsored by Secunia.