WebApp Sec mailing list archives

Internet Explorer Download Zones Mix-up leads to XSS


From: Yair Amit <AMITYAIR () il ibm com>
Date: Mon, 24 Dec 2007 22:46:47 +0200


Hello,

I would like to point you to a flaw I recently discovered in Internet
Explorer that could - under certain conditions - be exploited against a
large number of web-applications. The flaw results in XSS holes in websites
that allow the downloading of user-controlled HTML files (for example,
webmail and forum services).

For more details, you are welcome to read the blog post at:
http://blog.watchfire.com/wfblog/2007/12/internet-explor.html

Best Regards,
      Yair Amit

