Thank you for bringing this to our attention. Unfortunately, due to the complexity that is JavaScript, it took us a few days to fix our interpreter and test it enough to satisfy us. A new build of safeweb.com was put up today that fixes the problem described below.

Undoubtably, the astute readers of bugtraq will be able to come up with other vulnerabilities... Given enough lead time, we hope to resolve any vulnerabilities that people present us with.

On Thu, Jun 14, 2001 at 09:04:04PM +0400, Alexander K. Yezhov wrote:
<snip>
> Q: Does SafeWEB.com have the same issues?
>
> A: I had a look at SafeWeb today. Since it uses a different approach to
> isolate dangerous JavaScript instructions the demo code won't work.
> SafeWeb doesn't let the script verify if the URL is chained and
> correctly intercepts any attempts to change document.location or issue
> location.replace function. But the answer is ... "yes". To let the
> demo script verify the original URL we'll have to override
> fugunet_fixloc function. Then, to redirect current frame to unsecure
> location we can use "assign" method.
>
> The current "redirect" demo is available at:
>
> http://tools-on.net/privacy.shtml
>
> (click on the "Go" button below "Holmes/Who" and look at the report)
>
> You can also use a direct (temp.) link to the "Who" tool:
>
> http://tools-on.net/privacy.shtml?o=who&t=4557701001675&
<snip>
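The class of problem discussed in this thread, as an added example that is not part of the original messages and is not SafeWeb's code: a rewriting proxy whose URL hook lives in the page's own scope can be replaced by page script unless the property is locked. The names `proxy_fixloc`, `makePageGlobals`, the proxy URL and the sample script are assumptions made for illustration; the example also routes both `assign` and `replace` through the hook.

```javascript
'use strict';
// Hypothetical stand-in for a rewriting proxy's URL hook. The thread names
// SafeWeb's hook fugunet_fixloc; its real behaviour is not shown there.
const PROXY = 'https://proxy.example/fetch?u=';            // constructed value
const fixloc = (url) =>
  url.startsWith(PROXY) ? url : PROXY + encodeURIComponent(url);

// Build the global object a rewritten page script runs against.
// `locked` decides whether page script can replace the hook.
function makePageGlobals(locked) {
  const visited = [];
  const g = { visited };
  Object.defineProperty(g, 'proxy_fixloc', {
    value: fixloc,
    writable: !locked,       // weak setting: true, hardened: false
    configurable: !locked,   // also blocks redefinition via defineProperty
    enumerable: false,
  });
  // Every navigation method is wrapped, not only replace(); the hook is
  // looked up by name at call time, as a source-rewriting proxy would do.
  const go = (url) => { visited.push(g.proxy_fixloc(url)); };
  g.location = Object.freeze({ assign: go, replace: go });
  return g;
}

// Constructed sample of untrusted page script: swap the hook for an
// identity function, then navigate with assign().
function untrustedScript(g) {
  try {
    g.proxy_fixloc = (u) => u;
  } catch (e) {
    // TypeError in strict mode when the property is locked
  }
  g.location.assign('http://origin.example/who');
}

// Returns the URL the frame actually navigated to.
function run(locked) {
  const g = makePageGlobals(locked);
  untrustedScript(g);
  return g.visited[0];
}

console.log('writable hook:', run(false));
console.log('locked hook:  ', run(true));
```

Capturing the hook in a closure instead of resolving it by name on the shared global gives the same protection without relying on property attributes.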
This archive was generated by hypermail 2b30 : Sun Jun 24 2001 - 10:17:23 PDT