Full Disclosure mailing list archives

Re: Re: Internet Explorer URL parsing vulnerabi lity

From: Heikki Toivonen <hjtoi () comcast net>
Date: Thu, 11 Dec 2003 11:25:31 -0800

Jim Race wrote:

http://petard.freeshell.org/ms-announce.html
Check that. With Moz 1.5:
Opening in a new *TAB* takes one to MS. Clicking the link takes one to/. with "http://www.microsoft.com%01 () slashdot org/" in the address bar.

That is because the href points to MS, and that is what we will use foropening a link in a new tab. The Slashdot link will be followed in caseof a click event (context menu or middle-click won't therefore activate it).


--
  Heikki Toivonen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: Re: Internet Explorer URL parsing vulnerabi lity David Vincent (Dec 10)
- <Possible follow-ups>
- RE: Re: Internet Explorer URL parsing vulnerabi lity David Vincent (Dec 11)
  - RE: Re: Internet Explorer URL parsing vulnerabi lity Frank Knobbe (Dec 11)
  - Re: Re: Internet Explorer URL parsing vulnerabi lity Jim Race (Dec 11)
    - Re: Re: Internet Explorer URL parsing vulnerabi lity Jim Race (Dec 11)
    - Re: Re: Internet Explorer URL parsing vulnerabi lity Heikki Toivonen (Dec 11)
    - Re: Re: Internet Explorer URL parsing vulnerabi lity Dave Sherohman (Dec 11)
    - Re: Re: Internet Explorer URL parsing vulnerabi lity Nick FitzGerald (Dec 11)
    - RE: Re: Internet Explorer URL parsing vulnerabi lity Bill Royds (Dec 11)
    - Re: Re: Internet Explorer URL parsing vulnerabi lity William Warren (Dec 11)
    - Re: Re: Internet Explorer URL parsing vulnerabi lity Peter Moody (Dec 11)