lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri Oct 21 08:16:04 2005
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: New (19.10.05) MS-IE Url Spoofing bug (byK-Gen)

Jake Cole to me:

> In "Billy's" defense, this is expected in most
> JavaScript-enabled browsers.

"expected" and "most" don't quite tie up.  Is it "expected" or not?

Are theer javascript-enabled browsers where it doesn't work?  If so, in 
what truly meaningful sense is this "expected" behaviour?  (See another 
recent post where I explain what happens in Mozilla 1.0.7 on my 
machine...)

> Here's a Firefox version:
<<snip>>

Hmmmm -- a "Firefox version"??

Suggests that it is not quite entirely "expected", eh?

More that it is a corner case, or perhaps, even -- gasp -- undefined, 
no??


Regards,

Nick FitzGerald

Powered by blists - more mailing lists