[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity

To: Jim Race <caferace@well.com>
Subject: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
From: Heikki Toivonen <hjtoi@comcast.net>
Date: Thu, 11 Dec 2003 11:25:31 -0800

Jim Race wrote:

http://petard.freeshell.org/ms-announce.html
Check that. With Moz 1.5:

Opening in a new *TAB* takes one to MS. Clicking the link takes one to /. with "http://www.microsoft.com%01@slashdot.org/"; in the address bar.

That is because the href points to MS, and that is what we will use for opening a link in a new tab. The Slashdot link will be followed in case of a click event (context menu or middle-click won't therefore activate it).

--
  Heikki Toivonen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
  - From: David Vincent <david.vincent@mightyoaks.com>
- Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
  - From: Jim Race <caferace@well.com>
- Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
  - From: Jim Race <caferace@well.com>

Prev by Date: [Full-Disclosure] Re: A new TCP/IP blind data injection technique?
Next by Date: [Full-Disclosure] RE: A new TCP/IP blind data injection technique?
Previous by thread: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
Next by thread: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
Index(es):
- Date
- Thread