Comment Re:A simple solution... WAKE UP! (Score 2, Insightful) 207
It's great to know that you FULLY understand the security implication of this issue. If everyone was like you we would all be SO MUCH SAFER!!
The Proof of Concepts I provided are exactly that... PROOF OF CONCEPT! In my examples, I purposely place the exploit behind a link, so that you know and control whats coming. I could have easily placed the payload in a "body onload" tag and you would have just been hit with it... no user interaction required.
To make matters worse, when you combine something like this with Cross Site Scripting or Cross Site Request Forgery you can force another domain to send the payload for you... I've been in the security realm for some time now... but HEY... what do I know... it seems that you have it all figured out... Remote Command Execution with no user interaction via Firefox is no big deal... its just FUD...
The Proof of Concepts I provided are exactly that... PROOF OF CONCEPT! In my examples, I purposely place the exploit behind a link, so that you know and control whats coming. I could have easily placed the payload in a "body onload" tag and you would have just been hit with it... no user interaction required.
To make matters worse, when you combine something like this with Cross Site Scripting or Cross Site Request Forgery you can force another domain to send the payload for you... I've been in the security realm for some time now... but HEY... what do I know... it seems that you have it all figured out... Remote Command Execution with no user interaction via Firefox is no big deal... its just FUD...
