Bugtraq mailing list archives
Re: Javascript in IE may spoof the whole screen
From: Miguel Angel Rodriguez Jodar <rodriguj () atc us es>
Date: Tue, 23 Oct 2001 22:23:40 +0100 (GMT+0100)
Actually, both examples work. At least on MSIE 6.0 under Windows 98SE. The original message states that vulnerable systems are IE 5.5 and later... -- Miguel Angel Rodriguez Jodar | http://icaro.fie.us.es Area de Arquitectura y Tecnologia de Computadores Universidad de Sevilla On Tue, 23 Oct 2001, Julian Hall wrote:
Georgi Guninski wrote:Georgi Guninski security advisory #50, 2001 Javascript in IE may spoof the whole screen Systems affected: IE 5.5/6.0 on Windows, probably earlier versions[...]Demonstration: Image moving over download/open dialog: http://www.guninski.com/opf2.html BSOD emulation: http://www.guninski.com/bsod1.htmlNeither of these demonstrations function correctly in IE 5.0; they produce script error message boxes, reporting that the 'object does not support the requested method'. I don't know whether that means IE 5.0 isn't vulnerable or not...
Current thread:
- Javascript in IE may spoof the whole screen Georgi Guninski (Oct 21)
- Re: Javascript in IE may spoof the whole screen Julian Hall (Oct 23)
- Re: Javascript in IE may spoof the whole screen Miguel Angel Rodriguez Jodar (Oct 23)
- <Possible follow-ups>
- Re: Javascript in IE may spoof the whole screen http-equiv () excite com (Oct 22)
- RE: Javascript in IE may spoof the whole screen Thor Larholm (Oct 24)
- Re: Javascript in IE may spoof the whole screen Julian Hall (Oct 23)