Re: Yet another Hotmail security hole - injecting JavaScript in

To: BUGTRAQ@xxxxxxxxxxxxxxxxx
Subject: Re: Yet another Hotmail security hole - injecting JavaScript in
From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 5 Jan 2000 15:58:33 +1200
Approved-by: aleph1@SECURITYFOCUS.COM
Comments: Authenticated sender is <nick@virus-l.demon.co.uk@pop3.demon.co.uk>
Delivered-to: bugtraq@lists.securityfocus.com
Delivered-to: BUGTRAQ@SECURITYFOCUS.COM
In-reply-to: <3872022D.88D2BB0E@nat.bg>
Organization: Personal account
Priority: normal
Reply-to: nick@xxxxxxxxxxxxxxxxxxx
Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxxxxxxx>

> Georgi Guninski security advisory #2, 2000
>
> Yet another Hotmail security hole - injecting JavaScript in IE using
> <IMG DYNRC="javascript:....">
<<snip>>

It would be nice to think that while fixing the previous hole
(<IMG LOWSRC="javascript:....">), one or two of the MS/Hotmail
security staff might have wondered "What other parameters on this and
other tags may be similarly exploitable?".

Yeah, right...

I note that no browser fixes have been notified/posted yet, or is
this a Hotmail-only hole (i.e. "expected behaviour" in the browser)?


Regards,

Nick FitzGerald

References:
- Yet another Hotmail security hole - injecting JavaScript in IE using <IMG DYNRC="javascript:....">
  - From: Georgi Guninski

Prev by Date: Re: FWD: Redhat advisory (RPM --upgrade/-U vs. --freshen/-F)
Next by Date: SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
Previous by thread: Yet another Hotmail security hole - injecting JavaScript in IE using <IMG DYNRC="javascript:....">
Next by thread: Re: Hotmail security hole - injecting JavaScript using <IMG
Index(es):
- Date
- Thread