mailing list archives
RE: How big is the danger of IE?
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 8 Jul 2004 21:32:39 -0400
...the security zone model itself (well, at least its implementation in IE, etc) _is
the problem_ and can often be exploited independent of the scritping, and other active
content processing, state of the zone in which some arbitrary piece of HTML is rendered.
So you can do a cross-zone attack against the restricted zone, with all scripting and
active content disabled? I'd like to see an example of this.
eWEEK.com Security Center Editor
larryseltzer () ziffdavis com
Full-Disclosure - We believe in it.
RE: How big is the danger of IE? Skander Ben Mansour (Jul 09)