Full Disclosure mailing list archives

RE: Re: Internet Explorer URL parsing vulnerability


From: Frank Knobbe <frank () knobbe us>
Date: Thu, 11 Dec 2003 12:22:04 -0600

On Thu, 2003-12-11 at 11:22, David Vincent wrote:
Try this one:
http://petard.freeshell.org/ms-announce.html

displayed as "http://www.microsoft.com%01@slashdot.org/" in the latest
Firebird 0.7+ nightly.

In addition, Galeon and Epiphany display it like that. No user account
warning as with Opera though.


displayed as "http://www.microsoft.com@slashdot.org/" in Opera 7.23 AFTER
getting a warning about going to a URL which includes a username.

displayed as "http://www.microsoft.com@slashdot.org/" in Avant Browser 8.02
Build 207

displayed as "http://www.microsoft.com" in IE 6.0.2800.1106

all are on W2k Pro SP4 et al.


Attachment: signature.asc
Description: This is a digitally signed message part
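
Added example, not part of the original post: a link check, as a mail gateway or proxy might run it, that reports the host a URL really connects to and flags the userinfo tricks seen in the URLs quoted above. The function name `audit_link` and the finding labels are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# A userinfo part shaped like a DNS name ("www.example.com") is what makes
# the displayed URL misleading, so it is treated as a signal of its own.
HOSTLIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.IGNORECASE)


def is_control(ch):
    """True for C0 control characters and DEL."""
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def audit_link(url):
    """Return (real_host, findings) for one link."""
    parts = urlsplit(url)
    findings = []
    # Everything before the last "@" in the authority is userinfo;
    # the host the client connects to comes after it.
    userinfo, at, _ = parts.netloc.rpartition("@")
    if at:
        findings.append("userinfo")
        decoded = unquote(userinfo)
        # %01 and similar encoded control characters can cut the
        # displayed string short in some user interfaces.
        if any(is_control(c) for c in decoded):
            findings.append("control-char-in-userinfo")
        user = decoded.split(":", 1)[0]
        visible = "".join(c for c in user if not is_control(c))
        if HOSTLIKE.match(visible) and visible.lower() != (parts.hostname or ""):
            findings.append("userinfo-looks-like-host")
    return parts.hostname, findings


if __name__ == "__main__":
    # The first two URLs are the ones quoted in the thread;
    # the third is a constructed benign comparison.
    for link in (
        "http://www.microsoft.com%01@slashdot.org/",
        "http://www.microsoft.com@slashdot.org/",
        "http://slashdot.org/",
    ):
        host, findings = audit_link(link)
        print(f"{link!r}: real host {host}, findings {findings}")
```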

