Re: Anonymized

[joshua () safeweb com]

Thank you for bringing this to our attention.  Unfortunately, due to the
complexity that is javascript, it took us a few days to fix our
interpreter and test it enough to satisfy us.  A new build of safeweb.com
was put up today that fixes the problem described below.  Undoubtably, the
astute readers of bugtraq will be able to come up with other vulnerabilities...
Given enough lead time, we hope to resolve any vulnerabilities that people
present us with.

On Thu, Jun 14, 2001 at 09:04:04PM +0400, Alexander K. Yezhov wrote:

<snip>

> Q: Does SafeWEB.com have the same issues?
>
> A:  I had a look at SafeWeb today. Since it uses different approach to
> isolate  dangerous  JavaScript  instructions the demo code won't work.
> SafeWeb  doesn't  let  the  script to verify if the URL is chained and
> correctly intercepts any attempts to change document.location or issue
> location.replace  function.  But  the  answer is ... "yes". To let the
> demo   script   verify   the  original  URL  we'll  have  to  override
> fugunet_fixloc  function.  Then, to redirect current frame to unsecure
> location we can use "assign" method.
>
> The current "redirect" demo is available at:
>
> http://tools-on.net/privacy.shtml
>
> (click on the "Go" button below "Holmes/Who" and look at the report)
>
> You can also use direct (temp.) link to the "Who" tool:
>
> http://tools-on.net/privacy.shtml?o=who&t=4557701001675&;

<snip>