Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: How big is the danger of IE?

From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 8 Jul 2004 21:32:39 -0400
...the security zone model itself (well, at least its implementation in IE, etc) _is

the problem_ and can often be exploited independent of the scritping, and other active
content processing, state of the zone in which some arbitrary piece of HTML is rendered.


So you can do a cross-zone attack against the restricted zone, with all scripting and
active content disabled? I'd like to see an example of this.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer () ziffdavis com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: