bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)

from [Michal Zalewski] [Permanent Link][Original]
To: Jeffrey Katz <jdkatz23@gmail.com>
Subject: Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)
From: Michal Zalewski <lcamtuf@dione.ids.pl>
Date: Mon, 26 Feb 2007 19:11:15 +0100 (CET)
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk, security@mozilla.org
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
In-reply-to: <214664880702231005l19a0cfe7o3b992b90a882d218@mail.gmail.com>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm
References: <Pine.LNX.4.58.0702230223340.21707@dione> <214664880702231005l19a0cfe7o3b992b90a882d218@mail.gmail.com> 
On Fri, 23 Feb 2007, Jeffrey Katz wrote:

> Just checked on IE 7.0.5730.11 -- doesn't exhibit problem.

Most certainly does; you might have scripting disabled, or be
experiencing some other anomaly, but for much of the population, the
attack works as advertised on that version.

/mz
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Firefox Cache Hack - Firefox History Hack redux, Ismail Dönmez
Next by Date:  MTCMS multiple upload vulnerabilities, none
Previous by Thread:  Re: MSIE7 browser entrapment vulnerability (probably Firefox, too), Jeffrey Katz
Next by Thread:  RE: MSIE7 browser entrapment vulnerability (probably Firefox, too), perpetualmotionuk
Indexes:  [Date] [Thread] [Top] [All Lists]