Re: phpmyadmin / CVE-2016-9861 / PMASA-2016-66
Brian May <bam@debian.org> writes:
> Curiously while I can reproduce this in Firefox, I can't under Chrome,
> as it doesn't seem to provide the Referer header in this situation.
It looks like replacing the HTTP header with a block of JavaScript code
really does hide the Referer header in Firefox ESR version 45.5.1esr-1.
Ok, I wasn't exactly expecting that.
So my guess is that the white list only required for certain browsers,
or older browsers or something.
--
Brian May <bam@debian.org>
Reply to: