[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 21 Oct 2005 19:54:46 +1300

Paul Schmehl to Valdis:

> > OK, so who designed the Javascript security model?
> 
> Netscape.

Ahh -- trick question!

There is NO "Javascript security model" so Netscape cannot have 
designed it...

...

Seriously, Javascript was the single worst thing that ever happened to 
browsers (and the only really stupid, bad thing that is not squarely on 
MS' shoulders) and permanently opened the whole, stupid "active 
content" can-o-worms...


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
  - From: Paul Schmehl

Prev by Date: [Full-disclosure] MDKSA-2005:192 - Updated xli packages fix buffer overflow vulnerabilities.
Next by Date: RE: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen).
Previous by thread: Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
Next by thread: Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
Index(es):
- Date
- Thread