Bugtraq mailing list archives
RE: Javascript in IE may spoof the whole screen
From: Thor Larholm <Thor () jubii dk>
Date: Wed, 24 Oct 2001 12:10:06 +0200
From: Julian HallGeorgi Guninski security advisory #50, 2001 Image moving over download/open dialog: http://www.guninski.com/opf2.html BSOD emulation: http://www.guninski.com/bsod1.htmlNeither of these demonstrations function correctly in IE 5.0; they produce script error message boxes, reporting that the 'object does not support the requested method'. I don't know whether that means IE 5.0 isn't vulnerable or not...
It means that Guninski used the popup object in his examples, which was first introduced in IE5.5+ - using chromeless window objects will yield the same results in IE4+. The advisory still holds, the example was just flawed. Regards Thor Larholm Jubii A/S - Internet Programmer
Current thread:
- Javascript in IE may spoof the whole screen Georgi Guninski (Oct 21)
- Re: Javascript in IE may spoof the whole screen Julian Hall (Oct 23)
- Re: Javascript in IE may spoof the whole screen Miguel Angel Rodriguez Jodar (Oct 23)
- <Possible follow-ups>
- Re: Javascript in IE may spoof the whole screen http-equiv () excite com (Oct 22)
- RE: Javascript in IE may spoof the whole screen Thor Larholm (Oct 24)
- Re: Javascript in IE may spoof the whole screen Julian Hall (Oct 23)