[16735] in bugtraq
Re: Posible privacy problem in Explorer.
daemon@ATHENA.MIT.EDU (CDE Francis)
Tue Sep 12 17:19:09 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Message-Id: <p04330106b5e3dd81e9ca@[128.220.149.129]>
Date: Tue, 12 Sep 2000 09:49:37 -0400
Reply-To: CDE Francis <fuy@JHU.EDU>
From: CDE Francis <fuy@JHU.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
At 2:22 PM +0200 2000/09/11, Kevin van der Raad wrote:
>I found some useful information about this technique at the following
>http://www.siteexperts.com/ie5/tips/ts01/page1.asp
>> From: "Guille (Bisho)" <guille@redestb.es>
>> In the Microsoft website http://search.msn.com.mx the use a method to
>> store the searchs done in his search engine, but without cookies and
I tested some persistence pages using IE 5.0 for MacOS,
with all scripting and ActiveX enabled and insecure.
siteexperts.com failed with several JScript errors.
Each control action resulted in another error.
search.msn.com.mx said "Lamentablemente y por el momento",
the saved results feature will not work. Please download Explorer 5.5
(at least, that's what I think it says. I can read some French & Latin,
and dynamic pages don't work very well through Babelfish proxies).
http://msdn.microsoft.com/workshop/author/persistence/overview.asp
fails with a single JScript error. However, the workshop looks like
it doesn't contain any live examples.
So it seems probable (but not certain) that IE Mac is not vulnerable.
Could someone provide other URLs that I might test?
--
Francis Uy, Web Coordinator http://www.jhu.edu/gifted/cde/ 410-516-0162
