lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: viper31337 at yahoo.co.in (ViPeR) Subject: Re: GoogleToolbar:About -- Allows Script Injection hi, agreed, but still its possible to conduct remote attacks on unpatched IE i suppose. Also, if a new flaw pops up using which we are able to access "res:" protocol from the internet-zone, well, this is one way of injecting code into the mycomputer-zone. well, all i wanted to point out was that there was no filtering on part of software, to disallow any such attacks. rgds, Viper --- "Rafel Ivgi, The-Insider" <theinsider@....net.il> wrote: > This is not dangerous from remote, because the > "res:" protocol is not > accessible by internet zone. You must to find a way > to access "res:" from > remote, otherwise it means nothing. As for local > zone, you can ran scripts > in mycomputer zone. > > > Rafel Ivgi, The-Insider > Security Consultant, Finjan.com > ________________________________________________________________________ Yahoo! India Matrimony: Find your life partner online Go to: http://yahoo.shaadi.com/india-matrimony
Powered by blists - more mailing lists