Jeff Jarmoc comments

Repositories
Issues
Comments

Results 3 comments of


                                            Jeff Jarmoc

JSONP and reflected flash file (new flaw to possibly check for)

A new bypass for the client-side fixes has been found as well. http://topolik-at-work.blogspot.com/2015/06/cve-2015-3096-rosetta-flash-fix-bypass.html

JSONP and reflected flash file (new flaw to possibly check for)

I'm aware the flaw predates that name, I was commenting in regards to the discussion earlier that it's "kind of fixed client side."

Address false negatives via non-`({...})` callbacks.

Thanks! I've been running with this change for a while, and FPs haven't been too bad, though that'll vary a bit depending on the application. My largest false-positive case right...