Full Disclosure: Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)

From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Mon, 26 Feb 2007 19:11:15 +0100 (CET)

On Fri, 23 Feb 2007, Jeffrey Katz wrote:

Just checked on IE 7.0.5730.11 -- doesn't exhibit problem.


Most certainly does; you might have scripting disabled, or be
experiencing some other anomaly, but for much of the population, the
attack works as advertised on that version.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

MSIE7 browser entrapment vulnerability (probably Firefox, too) Michal Zalewski (Feb 22)
- Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Michal Zalewski (Feb 23)
- Firefox: onUnload tailgating (MSIE7 entrapment bug variant) Michal Zalewski (Feb 23)
- Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Jeffrey Katz (Feb 24)
  - Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Michal Zalewski (Feb 26)
- Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Matt S (Feb 26)