| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: thor at pivx.com (Thor Larholm) Subject: Locking up Internet Explorer Any link in the form of //something has the current protocol prepended to it. If you are on a HTTP site such as http://microsoft.com and click on a link to //msdn.microsoft.com you are in reality making a request for http://msdn.microsoft.com /. used to use these links all over the place, to save some bytes I guess. The results by clicking on your link to //test/test depends on the security zone you are in. If you are in the Internet Zone you will be asking for http://test/test , if you are in the My Computer zone you will be asking for file://test/test which gets translated into \\test\test. Regards Thor -----Original Message----- From: godwulf@....net [mailto:godwulf@....net] Sent: Tue 5/11/2004 9:08 AM To: full-disclosure@...ts.netsys.com Cc: Subject: [Full-Disclosure] Locking up Internet Explorer The following code creates a link that causes Microsoft Internet Explorer to lock up. Restarting IE is required after clicking on the link. <A HREF="//test/test">Lock up Internet Explorer</A> The form of the link just has to be //*/* as far as I tried it. The IE version I used was 6.0.2800.1106.xpsp2.030422-1633CO. CYA -- "Sie haben neue Mails!" - Die GMX Toolbar informiert Sie beim Surfen! Jetzt aktivieren unter http://www.gmx.net/info _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists