| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1071166924.518.22.camel@localhost> From: frank at knobbe.us (Frank Knobbe) Subject: Re: Internet Explorer URL parsing vulnerabi lity On Thu, 2003-12-11 at 11:22, David Vincent wrote: > > Try this one: > > http://petard.freeshell.org/ms-announce.html > > displayed as "http://www.microsoft.com%01@...shdot.org/" in the latest > Firebird 0.7+ nightly. In addition, Galeon and Ephinany display it like that. No user account warning as with Opera though. > > displayed as "http://www.microsoft.com.@slashdot.org/" in Opera 7.23 AFTER > getting a warning about going to an URL which includes a username. > > displayed as "http://www.microsoft.com.@slashdot.org/" in Avant Browser 8.02 > Build 207 > > displayed as "http://www.microsoft.com" in IE 6.0.2800.1106 > > all are on W2k Pro SP4 et al. > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031211/3a84fde9/attachment.bin
Powered by blists - more mailing lists