Full Disclosure mailing list archives
Re: Saved XSS vulnerability in Internet Explorer
From: "MustLive" <mustlive () websecurity com ua>
Date: Thu, 18 Nov 2010 19:40:30 +0200
Hello Jacky Jack! It's another interesting aspect of saving html files, mentioned by RSnake and I've also read it in 2007. He mentioned about risks of "save web page complete" feature in Firefox (and such risks of this feature exist in other browsers), and I wrote in my advisories in 2007, 2008 and 2010 about risk of "save web page complete" and "save web archive" features. There was issue with saving web archive in Opera (in Opera 9.x and previous versions) and there was issue with saving web archive in IE (in 6, 7, 8 and previous versions), as I wrote in last advisory. You can read my article Local XSS (http://websecurity.com.ua/4219/). And also my articles Code Execution via XSS in Internet Explorer (http://securityvulns.ru/Udocument911.html) and Cross-browser Code Execution via XSS (http://securityvulns.ru/Udocument941.html), which I wrote in 2008 concerning this kind of vulnerabilities in different browsers which I found. How the attack can be elevated from XSS to CE. In case if you haven't read them (it's English versions of the articles). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ----- Original Message ----- From: "Jacky Jack" <jacksonsmth698 () gmail com> To: "Christian Sciberras" <uuf6429 () gmail com> Cc: "Zach C" <fxchip () gmail com>; <full-disclosure () lists grok org uk>; "MustLive" <mustlive () websecurity com ua> Sent: Monday, November 15, 2010 6:29 PM Subject: Re: [Full-disclosure] Saved XSS vulnerability in Internet Explorer
It's logical to RSnake's http://ha.ckers.org/blog/20070201/firefox-save-as-complete-issue/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Saved XSS vulnerability in Internet Explorer MustLive (Nov 14)
- Re: Saved XSS vulnerability in Internet Explorer Zach C (Nov 14)
- Re: Saved XSS vulnerability in Internet Explorer Christian Sciberras (Nov 14)
- Re: Saved XSS vulnerability in Internet Explorer Jacky Jack (Nov 15)
- Re: Saved XSS vulnerability in Internet Explorer MustLive (Nov 18)
- Re: Saved XSS vulnerability in Internet Explorer Christian Sciberras (Nov 14)
- Re: Saved XSS vulnerability in Internet Explorer MustLive (Nov 18)
- Re: Saved XSS vulnerability in Internet Explorer Jacky Jack (Nov 18)
- Re: Saved XSS vulnerability in Internet Explorer Zach C (Nov 14)