Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
From: Peter Moody <peter@ucsc.edu>
Date: Thu Dec 11 2003 - 16:24:26 CST
Received on Thu Dec 11 16:53:07 2003
Date: Thu Dec 11 2003 - 16:24:26 CST
On Thu, 2003-12-11 at 12:55, William Warren wrote:
> mozilla 1.6a
>
> http://www.microsoft.com%01@slashdot.org/
> (that is in the address bar) and slashdot comes up in the browser window..
in 1.6b slashdot is downloaded/rendered and
http://www.microsoft.com%01@slashdot.org/
is displayed in the address bar.
-Peter
-- Peter Moody <peter@ucsc.edu> Information Security Administrator 831/459.5409 Communications and Technology Services. UC, Santa Cruz. http://security.ucsc.edu/pgp/peter.moody.pub :wq
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: This is a digitally signed message part
This archive was generated by hypermail 2.1.8 : Thu Dec 11 2003 - 17:01:01 CST
Custom Search
