Re: RE: Internet explorer 6 on windows XP allows exection of arbitrary code ( and opera and Mozilla too)

["M Saqib Ilyas" <msaqibilyas () myrealbox com>]

Dear all,
Chopping off the long thread and leaving a few lines for reference. If one
switches on a Windows box from IE to Mozilla or some other for browsing the
web, still the IE control would be everywher in your UI, My Computer,
Network Neighborhood etc. Granted, you would be safe from attacks being
launched through web pages attempting to execute arbitrary or malicious
code, but if M$ implements some kind of preview mechanism, or mistakenly I
open a page in IE due to incorrect default association, arent there still
chances of the same vulnerability coming back to haunt me? Granted, the
chances will be less, but IE has sunk its nails into the UI. Isnt that true?
Regards
Saqib
----- Original Message -----
From: "Drew Copley" <dcopley () eeye com>
To: <full-disclosure () lists netsys com>
Sent: Saturday, September 13, 2003 2:53 AM
Subject: [Full-disclosure] RE: Internet explorer 6 on windows XP allows
exection of arbitrary code ( and opera and Mozilla too)


> > serious ? these if I understand correctly merely crash your
> > browser nothing perticularly serious about that.
> >
> > Granted no browser will be without flaws so there is
> > probably heaps of stuff to be found in mozilla aswell, but
> > remote code execution?? I dont believe there has been a
> > single flaw in netscape or mozilla that allowed you to
> > execute code simply by putting together some javascript (you
> > can correct me on this) even when it was the dominant browser



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html