Full Disclosure mailing list archives
Re: FIREFOX 2.0.0.5 new vulnerability
From: Valdis.Kletnieks () vt edu
Date: Wed, 25 Jul 2007 05:17:47 -0400
On Wed, 25 Jul 2007 11:38:57 +0300, Mesut EREN said:
Example code is
<A HREF="mailto:%00%00../../../../../../windows/system32/cmd"> <A HREF="nntp:%00%00../../../../../../windows/system32/cmd"> What did you *expect* each of these to do, and what actually happened? (And it's totally unclear what your '- blah.bat' was intended to do, as it was just text outside the <A>..</A> pair.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FIREFOX 2.0.0.5 new vulnerability Mesut EREN (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability Valdis . Kletnieks (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability pdp (architect) (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability Nate McFeters (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability wac (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability Nate McFeters (Jul 25)
- Re: FIREFOX 2.0.0.5 new vulnerability wac (Jul 27)
- Re: FIREFOX 2.0.0.5 new vulnerability Nate McFeters (Jul 27)
- Re: FIREFOX 2.0.0.5 new vulnerability Joe Barr (Jul 28)
- Re: FIREFOX 2.0.0.5 new vulnerability Nate McFeters (Jul 25)