Security holes I have found
Mozilla, Firefox, and Thunderbird
- 9 code execution holes (none of which were memory management holes such as buffer overflows)
- 5 same-origin policy compromises (these reveal visitors' cookies and passwords for other sites)
- 7 bugs that reveal the contents of users' files
- 4 ways to bypass CheckLoadURI (combined with a same-origin hole, this can result in arbitrary code execution)
- 6 spoofing bugs
- 34 other security holes, mostly less severe
Bugzilla and other Mozilla development webtools
Extensions for Firefox
- Code execution in Tabbrowser Extensions (misused "eval"). Reported November 21, 2004. Fixed.
Google Search
- Change user preferences. Reported October 23, 2003. Unfixed as of May 5, 2005.
- Hard-to-exploit XSS. Reported October 23, 2003. Fixed within a day.
Gmail
- Minor information leak. Reported July 28, 2004. Unfixed as of May 5, 2005.
- XSS (redirect to a javascript: URL). Reported July 28, 2004. Fixed within a week.
Google Desktop Search
- XSS. Fixed. Details coming soon.