Re: Firefox: serious cookie stealing / same-domain bypass vulner
On Thu, 15 Feb 2007, 3APA3A wrote:
> Mitigating factor: it doesn't work through proxy, because for proxy URI
> is sent instead of URL and request will be incomplete.
Yup. Depends on the proxy, actually ('GET http://evil.com' might get
parsed as HTTP/0.9) - but Squid, both in direct and in reverse mode (say,
on Wikipedia), will reject such a request.
Cheers,
/mz