[16988] in bugtraq
Re: IE5.5 window.externalNavigateAndFind security vulnerability..
daemon@ATHENA.MIT.EDU (Clover Andrew)
Mon Oct 2 12:14:19 2000
Message-Id: <5F78AA062F6AD311A59000508B4AAF6D092BBA@pcs02>
Date: Mon, 2 Oct 2000 10:13:56 +0200
Reply-To: Clover Andrew <aclover@1VALUE.COM>
From: Clover Andrew <aclover@1VALUE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

> Multiple security vulnerabilities found in
> window.external.NavigateAndFind function in IE5.5...

Verified on IE5.00. Will probably also work on IE4.
(Though the on-line exploit for "vulnerability 3" is
slightly broken in that it tries to open the relative
URL "code.txt" instead of an absolute, local path.)

These are all really the same vulnerability, of course:
that javascript: URLs are incorrectly executed in the
security context of the previous document. MS patched
around previous incarnations of this but seem to have
missed NavigateAndFind. Very poor, but you can't help
thinking that javascript: URLs were a stupid idea in
the first place.

--
Andrew Clover
Technical Support
1VALUE.com AG