Yossi Yakubov wrote in http://www.securityfocus.com/archive/1/492202 : > if you, apache guys will set 403 page's charset ... Done, as per http://www.securityfocus.com/archive/1/492094 : >> All [current] releases include fixes ... > ... change manually the ecnoding in Firefox to UTF-7 ... There is no > problem to trick the victim and force him to change the encoding of > his browser by little social engineering. See https://bugzilla.mozilla.org/show_bug.cgi?id=408457 about how this can be better exploited. Cheers, Paul Szabo psz@xxxxxxxxxxxxxxxxx http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
