Well, here is the latest that I know of on browser vulnerabilities: http://blogs.zdnet.com/security/?p=37&tag=nl.e589. The news is not good, but, still, it is pretty much same ole same ole in a way.

I tried the vulnerability test for the first flaw mentioned. I passed. Here is the message I got:

"Below should be a copy of your C:\BOOT.INI file. If nothing is shown, chances are you don't have this file in the first place, your account has no permission to read that file, you didn't use a vulnerable browser, or I screwed something up.

=== RECEIVED DATA ==="

Maybe my key-logger defeating keyboard really works.

I did not do so well on the second test. And, I like the concept of No Script, but don't like using it. It seems to get in the way too much. Here are my second-test results:

"Firefox location.hostname vulnerability demo (stage 2)

YOUR BROWSER IS VULNERABLE

The page at *.dione.cc successfully set a test cookie for *.coredump.cx. This means that your authentication cookies can be messed with, and that malicious third party sites might be able to gain influence over how unrelated sites are displayed.

You can confirm the presence of a test cookie by going to Tools -> Options -> Privacy -> Show cookies..., and locating an entry for coredump.cx domain.

To protect yourself until patches are available, consider using a NoScript plugin. An interim workaround suggested by Firefox developers is to go to about:config, right-click to add a new string key:

capability.policy.default.Location.hostname.set

...and then to set its value to 'noAccess'.

Comments and questions: Michal Zalewski <lcamtuf@coredump.cx>"

And, yep, the cookie was there.