Full Disclosure mailing list archives

Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)

From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Mon, 26 Feb 2007 19:11:15 +0100 (CET)

On Fri, 23 Feb 2007, Jeffrey Katz wrote:

Just checked on IE 7.0.5730.11 -- doesn't exhibit problem.


Most certainly does; you might have scripting disabled, or be
experiencing some other anomaly, but for much of the population, the
attack works as advertised on that version.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

MSIE7 browser entrapment vulnerability (probably Firefox, too) Michal Zalewski (Feb 22)
- Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Michal Zalewski (Feb 23)
- Firefox: onUnload tailgating (MSIE7 entrapment bug variant) Michal Zalewski (Feb 23)
- Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Jeffrey Katz (Feb 24)
  - Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Michal Zalewski (Feb 26)
- Re: MSIE7 browser entrapment vulnerability (probably Firefox, too) Matt S (Feb 26)