Bugtraq mailing list archives
Re: Hotmail security hole - injecting JavaScript using <IMG
From: ck () RIB DE (ck () RIB DE)
Date: Fri, 7 Jan 2000 10:58:58 +0100
On Wed, 5 Jan 2000 11:37:49 +0100, Henri Torgemane wrote:
What could be useful would be a tag working like <blockscript key=randompieceofdata> </blockscript key=samepieceofdata>
This would just try to fix one of the symptoms. Something more fundamentally is wrong: Data and executable code do not belong together. Violation of this brought us macro viruses, HTML e-mail that steals passwords, trojans, etc. Carsten Kuckuk (only speaking for himself)
Current thread:
- Re: Blinding BIND to a moving domain, (continued)
- Re: Blinding BIND to a moving domain Ken Gourlay (Jan 12)
- CyberCash MCK 3.2.0.4: Large /tmp hole Sheldon Young (Jan 12)
- Administrivia: ORBS Elias Levy (Jan 12)
- WebSitePro/2.3.18 is revealing Webdirectories Lark Lizerman (Jan 12)
- Re: Hotmail security hole - injecting JavaScript using <IMG Grahame Bowland (Jan 05)
- Yet another Hotmail security hole - injecting JavaScript in IE using "@import url(javascript:...)" Georgi Guninski (Jan 06)
- Security Bulletins Digest Aleph One (Jan 06)
- Re: Hotmail security hole - injecting JavaScript using <IMG Metal Hurlant (Jan 05)
- Re: Hotmail security hole - injecting JavaScript using <IMG Dustin Miller (Jan 05)
- Re: Hotmail security hole - injecting JavaScript using <IMG Edwin Gonzalez (Jan 04)
- Re: Hotmail security hole - injecting JavaScript using <IMG ck () RIB DE (Jan 07)