Robert,

> I DID look at your code (and I didn't mean that your code was junk,
>merely that I had deleted stuff BTW).
>

If you have thoroughly looked at my code, you should have noticed the main
vulnerability:

  a=window.open("view-source:javascript:location='http://www.yahoo.com';"

AFAIK Securexpert's code has nothing like that and it works on Internet
Explorer.

> If netscape ack'ed that this is a new bug then it is because you got
>someone new to review it or someone who didn't realize that they are the
>same problem.

Now I wonder if they are looking into this.

>

You may find Netscape's opinion at:
http://www.news.com/News/Item/0,4,32588,00.html
http://www.zdnet.com/pcweek/stories/news/0,4153,1013941,00.html

> Anyone who looked at how Secureexperts did their attack could easily
>move it onto an attack against a regular page (as I did 2 months ago,
>and you did more recently I presume). Both exploit the same fundamental

Could you post a publication and WORKING example of the modification, so we
can see the difference between my exploit and Securexpert's?

>feature (..not a bug, it is a feature), of being able to direct java to
>open up a new site inside of another window or frame (Based on a timer
>or some such trigger).

Why do you mention Java at all? My exploit does not use Java at all, so it
should be different. Hope you make difference between Java and JavaScript.

> I very much believe it is the same problem. We have been unable to
>figure out a good blanket procedure to fix it though. You can do neat
>things with timers, should they be taken out of Java in the name of
>security? Perhaps we should suggest to the browser developers that they

I can't understand why you write about Java at all, it has nothing to do
with my exploit.

Regards,
Georgi Guninski
http://www.nat.bg/~joro