Vulnerability Development mailing list archives

Re: Outlook HTML VBS (demo)


From: 11a () GMX NET (Bluefish)
Date: Mon, 22 May 2000 21:20:02 +0200


I think so too. I didn't think this was an unknown issue; the first
JavaScript I did was a simple "open a lot of windows" which I sent to a
friend of mine (who I knew to be humorous and wouldn't get angry over it).

This behaviour has been the Netscape default since 3.0 at least, and can
obviously be used for rather malicious tricks, like doing a delay and then
fooling the receiver into typing in his "network password" or something.

Except for "social engineering", I don't think there are more
vulnerabilities in it. It can be disabled in the preferences, btw.

On Sun, 21 May 2000, Blue Boar wrote:

Heh.  Pretty good.  Just previewing the note popped the alert.
Netscape messenger 4.6.  Makes sense I suppose, it's just trying
to "display" the HTML.  I assume the note is still sandboxed, and
can't do anything terribly interesting? (Other than whatever browser
holes are in the version used to read it.)

Any Javascript experts?  Is there a Netscape API for going through the
mailbox?

                                      BB


..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

