[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internet Explorer URL parsing vulnerability (Yes, Mozilla too.)

To: Charles Richmond <cmr@iisc.com>
Subject: Re: Internet Explorer URL parsing vulnerability (Yes, Mozilla too.)
From: netmask <netmask@enZotech.net>
Date: Thu, 11 Dec 2003 12:31:58 -0600 (CST)

> MacOSX 10.2.28        Mozilla Firebird 0.6            NOT vulnerability
> MacOSX 10.2.28        Mozilla Firebird 0.7.1          NOT vulnerability
> MacOSX 10.2.28        IE 5.2.2 (5010.1)                       NOT 
> vulnerability
> MacOSX 10.2.28        IE 5.2.3 (5815.1)                       NOT 
> vulnerability

Mozilla 1.5 is vulnerable on Linux, but not to %01  (In fact, I could not get
it to work with %01 on IE 6.0.2800.1106

If you use %00, it works the same.

http://www.microsoft.com%00@www.securityfocus.com

Mozilla 1.5 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007)

Mouse over will only show www.microsoft.com.

Not that this is a huge deal

References:
- Re: Internet Explorer URL parsing vulnerability
  - From: Charles Richmond <cmr@iisc.com>

Prev by Date: RE: A new TCP/IP blind data injection technique?
Next by Date: Multiple vendor SOAP server (XML parser) denial of service (DTD parameter entities)
Previous by thread: Re: Internet Explorer URL parsing vulnerability
Next by thread: Re: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread