Re: Netscape Communicator window spoofing bug

[guninski () HOTMAIL COM (Georgi Guninski)]

Robert,

>  I DID look at your code (and I didn't mean that your code was junk,
> mearly that I had deleted stuff BTW).

If you have thoroughly looked at my code, you should have noticed the
main vulnerability:
a=window.open("view-source:javascript:location='http://www.yahoo.com';";
AFAIK Securexpert's code has nothing like that and it works on Internet
Explorer.

>  If netscape ack'ed that this is a new bug then it is because you got
> someone new to review it or someone who didn't realize that they are
the
> same problem.  Now I wonder if they are looking into this.
You may find Netscape's opinion at:
http://www.news.com/News/Item/0,4,32588,00.html
http://www.zdnet.com/pcweek/stories/news/0,4153,1013941,00.html


>  Anyone who looked at how Secureexperts did their attack could easily
> move it onto an attack against a regular page (as I did 2 months ago,
> and you did more recently I presume).  Both exploit the same
fundamental

Could you post a publication and WORKING example of the modification, so
we can see the difference between my exploit and Securexpert's?

> feature (..not a bug, it is a feature), of being able to direct java to
> open up a new site inside of another window or frame (Based on a timer
> or some such trigger).

Why do you mention Java at all? My exploit does not use Java at all, so
it should be different. Hope you make difference between Java and
JavaScript.


>  I very much believe it is the same problem.  We have been unable to
> figure out a good blanket procedure to fix it though.   You can do neat
> things with timers, should they be taken out of Java in the name of
> security?  Perhaps we should suggest to the browser developers that
they

I can't understand why do you write about Java at all, it has nothing to
do with my exploit.

Regards,
Georgi Guninski
http://www.nat.bg/~joro

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com