[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 21 Oct 2005 20:15:30 +1300

Jake Cole to me:

> In "Billy's" defense, this is expected in most
> JavaScript-enabled browsers.

"expected" and "most" don't quite tie up.  Is it "expected" or not?

Are theer javascript-enabled browsers where it doesn't work?  If so, in 
what truly meaningful sense is this "expected" behaviour?  (See another 
recent post where I explain what happens in Mozilla 1.0.7 on my 
machine...)

> Here's a Firefox version:
<<snip>>

Hmmmm -- a "Firefox version"??

Suggests that it is not quite entirely "expected", eh?

More that it is a corner case, or perhaps, even -- gasp -- undefined, 
no??


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
  - From: Jake Cole

References:
- Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
  - From: Jake Cole

Prev by Date: RE: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen).
Next by Date: Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (by K-Gen).
Previous by thread: Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
Next by thread: Re: [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)
Index(es):
- Date
- Thread