Full Disclosure: Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)

From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Fri, 23 Feb 2007 09:17:39 +0100 (CET)

On Fri, 23 Feb 2007, Michal Zalewski wrote:

  http://lcamtuf.coredump.cx/ietrap/


I accidentally left a portion of code used to test for the Firefox memory
corruption / MSIE7 NULL ptr condition inside 'attack.js' for this page.

This crashed the testcase for some users, instead of demonstrating the
entrapment issue.

If you had this problem, please re-test now.

Cheers,
/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

MSIE7 browser entrapment vulnerability (probably Firefox, too) Michal Zalewski (Feb 22)
- Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Michal Zalewski (Feb 23)
- Firefox: onUnload tailgating (MSIE7 entrapment bug variant) Michal Zalewski (Feb 23)
- Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Jeffrey Katz (Feb 24)
  - Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Michal Zalewski (Feb 26)
- Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Matt S (Feb 26)