Bugtraq mailing list archives
Re: Netscape Communicator window spoofing bug
From: guninski () HOTMAIL COM (Georgi Guninski)
Date: Tue, 23 Feb 1999 04:04:57 PST
Robert,
> I DID look at your code (and I didn't mean that your code was junk, merely that I had deleted stuff BTW).
If you have thoroughly looked at my code, you should have noticed the main vulnerability: a=window.open("view-source:javascript:location='http://www.yahoo.com';" AFAIK Securexpert's code has nothing like that and it works on Internet Explorer.
> If netscape ack'ed that this is a new bug then it is because you got someone new to review it or someone who didn't realize that they are the same problem. Now I wonder if they are looking into this.
You may find Netscape's opinion at:
http://www.news.com/News/Item/0,4,32588,00.html
http://www.zdnet.com/pcweek/stories/news/0,4153,1013941,00.html
> Anyone who looked at how Secureexperts did their attack could easily move it onto an attack against a regular page (as I did 2 months ago, and you did more recently I presume). Both exploit the same fundamental
Could you post a publication and WORKING example of the modification, so we can see the difference between my exploit and Securexpert's?
> feature (..not a bug, it is a feature), of being able to direct java to open up a new site inside of another window or frame (Based on a timer or some such trigger).
Why do you mention Java at all? My exploit does not use Java at all, so it should be different. Hope you make a difference between Java and JavaScript.
> I very much believe it is the same problem. We have been unable to figure out a good blanket procedure to fix it though. You can do neat things with timers, should they be taken out of Java in the name of security? Perhaps we should suggest to the browser developers that they
I can't understand why you write about Java at all, it has nothing to do with my exploit.
Regards,
Georgi Guninski
http://www.nat.bg/~joro
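Added example, not part of the original message or of any browser's code: a check that a page or filtering proxy could apply to strings headed for window.open(), rejecting the nested `view-source:javascript:` form quoted in the message above. The wrapper list, the allowlist, the rejection of relative URLs and all function names are assumptions of this sketch.

```javascript
// Assumed policy for this sketch: only plain http/https may reach window.open().
const WRAPPERS = new Set(["view-source"]);   // schemes that wrap another URL
const ALLOWED = new Set(["http", "https"]);

// Mirror URL-parser pre-processing: trim leading/trailing C0 controls and
// spaces, then drop tabs and newlines anywhere in the string.
function normalize(raw) {
  return String(raw)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Return the chain of schemes, outermost first, e.g.
// "view-source:javascript:..." -> ["view-source", "javascript"].
function schemeChain(raw) {
  const chain = [];
  let rest = normalize(raw);
  for (;;) {
    const m = /^([a-z][a-z0-9+.-]*):/i.exec(rest);
    if (!m) break;
    const scheme = m[1].toLowerCase();
    chain.push(scheme);
    if (!WRAPPERS.has(scheme)) break;   // only wrappers carry an inner URL
    rest = rest.slice(m[0].length);
  }
  return chain;
}

function checkPopupTarget(raw) {
  const chain = schemeChain(raw);
  if (chain.length === 0) return { ok: false, reason: "no absolute scheme" };
  if (WRAPPERS.has(chain[0]))
    return { ok: false, reason: "wrapped URL: " + chain.join(" > ") };
  if (!ALLOWED.has(chain[0]))
    return { ok: false, reason: "scheme not allowed: " + chain[0] };
  return { ok: true, reason: "allowed" };
}

// Constructed samples; the first is the string quoted in the message.
const SAMPLES = [
  "view-source:javascript:location='http://www.yahoo.com';",
  "  JaVa\tScript:void(0)",
  "http://www.yahoo.com",
];
for (const s of SAMPLES) console.log(JSON.stringify(s), checkPopupTarget(s));
```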
Current thread:
- Netscape Communicator window spoofing bug Georgi Guninski (Feb 16)
- <Possible follow-ups>
- Re: Netscape Communicator window spoofing bug Robert Thomas (Feb 18)
- Re: Netscape Communicator window spoofing bug Georgi Guninski (Feb 20)
- Re: Netscape Communicator window spoofing bug Kirrily 'Skud' Robert (Feb 21)
- Re: Netscape Communicator window spoofing bug Robert Thomas (Feb 21)
- Re: Netscape Communicator window spoofing bug Georgi Guninski (Feb 23)
- Re: Netscape Communicator window spoofing bug Georgi Guninski (Feb 23)