> Georgi Guninski security advisory #2, 2000
>
> Yet another Hotmail security hole - injecting JavaScript in IE using
> <IMG DYNRC="javascript:....">

<<snip>>

It would be nice to think that while fixing the previous hole (<IMG LOWSRC="javascript:....">), one or two of the MS/Hotmail security staff might have wondered "What other parameters on this and other tags may be similarly exploitable?".

Yeah, right...

I note that no browser fixes have been notified/posted yet, or is this a Hotmail-only hole (i.e. "expected behaviour" in the browser)?

Regards,

Nick FitzGerald