Re: Yet another Hotmail security hole - injecting JavaScript in

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: Tue Jan 04 2000 - 19:58:33 PST

Next message: Mikael Olsson: "Re: Symlinks and Cryogenic Sleep"

Previous message: Raymond Dijkxhoorn: "Re: Flaw in 3c59x.c or in Kernel?"
Next in thread: Justin King: "Re: Yet another Hotmail security hole - injecting JavaScript in"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Georgi Guninski security advisory #2, 2000
>
> Yet another Hotmail security hole - injecting JavaScript in IE using
> <IMG DYNRC="javascript:....">
<<snip>>

It would be nice to think that while fixing the previous hole
(<IMG LOWSRC="javascript:....">), one or two of the MS/Hotmail
security staff might have wondered "What other parameters on this and
other tags may be similarly exploitable?".

Yeah, right...

I note that no browser fixes have been notified/posted yet, or is
this a Hotmail-only hole (i.e. "expected behaviour" in the browser)?


Regards,

Nick FitzGerald

Next message: Mikael Olsson: "Re: Symlinks and Cryogenic Sleep"
Previous message: Raymond Dijkxhoorn: "Re: Flaw in 3c59x.c or in Kernel?"
Next in thread: Justin King: "Re: Yet another Hotmail security hole - injecting JavaScript in"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:26:20 PDT