Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: How big is the danger of IE?
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 8 Jul 2004 21:32:39 -0400

...the security zone model itself (well, at least its implementation in IE, etc) _is
the problem_ and can often be exploited independent of the scritping, and other active
content processing, state of the zone in which some arbitrary piece of HTML is rendered.

So you can do a cross-zone attack against the restricted zone, with all scripting and
active content disabled? I'd like to see an example of this.

Larry Seltzer
eWEEK.com Security Center Editor
larryseltzer () ziffdavis com 

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]