[32785] in bugtraq
Re: Internet Explorer URL parsing vulnerability
daemon@ATHENA.MIT.EDU (Andreas Plesner Jacobsen)
Wed Dec 10 19:11:48 2003
Date: Wed, 10 Dec 2003 20:26:22 +0100
From: Andreas Plesner Jacobsen <apj@mutt.dk>
To: bugtraq@securityfocus.com
Message-ID: <20031210192622.GO4226@nerd.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3FD66545.5080005@mail.telepac.pt>
On Wed, Dec 10, 2003 at 12:13:57AM +0000, Pedro Castro wrote:
> >>From: <bugtraq@zapthedingbat.com>
> >>To: bugtraq@securityfocus.com
> >>Subject: Internet Explorer URL parsing vulnerability
> >>
> >>Internet Explorer URL parsing vulnerability
> >>Vendor Notified 09 December, 2003
> >>
> >># Vulnerability ##########
> >>There is a flaw in the way that Internet Explorer displays URLs in
> >>the address bar.
> >>
> >>By opening a specially crafted URL an attacker can open a page that
> >>appears to be from a different domain from the current location.
> >>
> >This exploit also applies to the Macintosh version of Explorer
> >v5.2.3(5815.1)
>
> It does also apply to Mozilla Firebird 0.7.
Not the Linux edition, perhaps only on Windows?
--
Andreas Plesner Jacobsen | Owe no man any thing...
| -- Romans 13:8
