[32811] in bugtraq
Re: Internet Explorer URL parsing vulnerability (Yes, Mozilla too.)
daemon@ATHENA.MIT.EDU (netmask)
Thu Dec 11 14:30:22 2003
Date: Thu, 11 Dec 2003 12:31:58 -0600 (CST)
From: netmask <netmask@enZotech.net>
To: Charles Richmond <cmr@iisc.com>
Cc: Andreas Plesner Jacobsen <apj@mutt.dk>, bugtraq@securityfocus.com
In-Reply-To: <1AC6834C-2B73-11D8-B33A-000A959D1CB2@iisc.com>
Message-ID: <Pine.GSO.4.58.0312111229330.11822@abryyn.zvaqfrp.pbz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
> MacOSX 10.2.28 Mozilla Firebird 0.6 NOT vulnerability
> MacOSX 10.2.28 Mozilla Firebird 0.7.1 NOT vulnerability
> MacOSX 10.2.28 IE 5.2.2 (5010.1) NOT vulnerability
> MacOSX 10.2.28 IE 5.2.3 (5815.1) NOT vulnerability
Mozilla 1.5 is vulnerable on Linux, but not to %01 (In fact, I could not get
it to work with %01 on IE 6.0.2800.1106
If you use %00, it works the same.
http://www.microsoft.com%00@www.securityfocus.com
Mozilla 1.5 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007)
Mouse over will only show www.microsoft.com.
Not that this is a huge deal
