[VulnWatch] BugTraq ID: 5728

From: Bobby Dominguez (bobby.dominguez@corp.terralycos.com)
Date: Thu Sep 26 2002 - 17:01:04 EDT



Due to a bug in the content filtering engine of HTMLGear's "GuestGear"
application, it was possible for a malicious user to inject arbitrary
JavaScript into a guestbook page, in some browsers. (Various versions of
Internet Explorer were affected; however, Netscape/Mozilla browsers were not.)
This bug existed under all guestbook security settings.

Effective in the 9/25/02 release of HTMLGear, this security vulnerability has
been fixed. Additionally, all new guestbooks will now default to the "simple
tags" security level. (Previously, the default was to use the less secure mode
by default.)

---
Bobby Dominguez
Terra Lycos, Inc.
Information Security Manager, US
Voice: 781-370-2989
Fax: 781-370-2650
