WebApp Sec mailing list archives
Internet Explorer Download Zones Mix-up leads to XSS
From: Yair Amit <AMITYAIR () il ibm com>
Date: Mon, 24 Dec 2007 22:46:47 +0200
Hello, I would like to point you to a flaw I recently discovered in Internet Explorer that could - under certain conditions - be exploited against a large number of web-applications. The flaw results in XSS holes in websites that allow the downloading of user-controlled HTML files (for example, webmail and forum services). For more details, you are welcomed to read the blog post at: http://blog.watchfire.com/wfblog/2007/12/internet-explor.html Best Regards, Yair Amit ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- Internet Explorer Download Zones Mix-up leads to XSS Yair Amit (Dec 25)