Bugtraq mailing list archives
Re: Hotmail security vulnerability - injecting JavaScript using <STYLE> tag
From: olaf () BIGRED INKA DE (Olaf Titz)
Date: Tue, 14 Sep 1999 10:57:25 +0300
In article <37DCF0FE.908E4B4F () nat bg> you write:
> Note: This is not a browser problem, it is Hotmail's problem.

It is a browser problem, at least for the Netscape version.

> <P STYLE="left:expression(eval('alert(\'JavaScript is executed\');window.close()'))" >

One could argue that styles can be computed via Javascript...

> <STYLE TYPE="text/javascript">

...but that is ridiculous. The browser should simply ignore a stylesheet of an unknown type, there is a reason for the type parameter after all. (Unless it is a deliberate feature that you can substitute STYLE for SCRIPT, which I somehow doubt.)

This is not only a problem for Hotmail but for all sorts of proxies which filter Javascript for security reasons. Since there is at least one recent version of both NC and IE which _doesn't_ let you disable Javascript at all due to bugs, such filtering is an absolute necessity, but you need to know where in the data stream it can appear.

Btw. the example given for IE is a classic example of what is so wrong with Javascript: you can do anything with it - including e.g. trivial stealing of passwords by popping up fake login dialogs - _even if it doesn't make sense in the context_. This alone is a reason to completely block and disable it.

Olaf
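
The message's point that a filter has to know every place script can appear in the data stream, as an added example (not code from this thread): a Python scan that reports the two carriers quoted above, a STYLE element whose TYPE is not text/css and expression() inside a STYLE attribute, alongside plain SCRIPT elements. The sample markup and all names in it are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample, modelled on the two snippets quoted in the message.
SAMPLE = (
    '<P STYLE="left:expression(eval(\'alert(1)\'))">hi</P>\n'
    '<STYLE TYPE="text/javascript">x = 1;</STYLE>\n'
    '<style type="text/css">p { color: red }</style>\n'
    '<p style="left: 10px">plain</p>\n'
)


class ScriptCarrierFinder(HTMLParser):
    """Collect the places in markup where script can ride along."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, tag, reason)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        line = self.getpos()[0]
        attrs = {name: (value or "") for name, value in attrs}
        if tag == "script":
            self.findings.append((line, tag, "script element"))
        if tag == "style":
            # Only a missing type or text/css counts as a real stylesheet.
            mime = attrs.get("type", "text/css").split(";")[0].strip().lower()
            if mime != "text/css":
                self.findings.append((line, tag, "style type " + mime))
        # Computed style values: strip whitespace so "expression (" also matches.
        css = "".join(attrs.get("style", "").lower().split())
        if "expression(" in css:
            self.findings.append((line, tag, "expression() in style attribute"))


def find_script_carriers(html):
    """Return (line, tag, reason) tuples for every carrier found in html."""
    finder = ScriptCarrierFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for finding in find_script_carriers(SAMPLE):
        print(finding)
```

A substring match like this can be evaded by alternative encodings of the keyword, so a filter that rewrites mail is on firmer ground dropping STYLE attributes and non-CSS STYLE elements outright than trying to recognise every dangerous value.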