Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IE exploit runs code from graphics?

From: Jimmy Mitchener <packetmaster () gmail com>
Date: Sat, 26 Jun 2004 19:12:36 -0700
On Sat, 26 Jun 2004 11:52:08 +0530, Aditya, ALD [ Aditya Lalit
Deshmukh ] <aditya.deshmukh () online gateway technolabs net> wrote:



files (.CHM) from some web site, causing the HTML code inside the .CHM
to be run in the "My Computer" security zone.  Typically (like all but
one of _dozens and dozens_ of these I've seen) the "inner" HTML run


this is one of the  _dozens and dozens_  reasons to use mozilla on untrusted sites and use ie to access internal 
websites if they do depend of some ie features but set the default browser to mozilla so that when ever the user 
cliks something it opens in mozilla



Why would you assume Mozilla is any less vulnerable? Perhaps not
publicly, it is simply not as large of a target as IE. You should
really not be browsing on an "important" system no matter what. Unless
perhaps you have systrace or SELinux guarding it (which even then is
not 100%).

Jimmy.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: