[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] How big is the danger of IE?

To: <nick@xxxxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] How big is the danger of IE?
From: "Larry Seltzer" <larry@xxxxxxxxxxxxxxxx>
Date: Thu, 8 Jul 2004 21:32:39 -0400

>>...the security zone model itself (well, at least its implementation in IE, 
>>etc) _is
the problem_ and can often be exploited independent of the scritping, and other 
active
content processing, state of the zone in which some arbitrary piece of HTML is 
rendered.


So you can do a cross-zone attack against the restricted zone, with all 
scripting and
active content disabled? I'd like to see an example of this.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@xxxxxxxxxxxxx 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] How big is the danger of IE?
  - From: Nick FitzGerald

Prev by Date: Re: [Full-Disclosure] Mozilla Security Advisory 2004-07-08
Next by Date: Re: [Full-Disclosure] shell:windows command question
Previous by thread: RE: [Full-Disclosure] How big is the danger of IE?
Next by thread: RE: [Full-Disclosure] How big is the danger of IE?
Index(es):
- Date
- Thread