Security holes I have found

Mozilla, Firefox, and Thunderbird

Bugzilla and other Mozilla development webtools

Extensions for Firefox

  • Code execution in Tabbrowser Extensions (misued "eval"). Reported November 21, 2004. Fixed.

Google Search


  • Minor information leak. Reported July 28, 2004. Unfixed as of May 5, 2005.
  • XSS (redirect to a javascript: URL). Reported July 28, 2004. Fixed within a week.

Google Desktop Search

  • XSS. Fixed. Details coming soon.

More notes about GDS's security