Re: Yet another Hotmail security hole - injecting JavaScript in

Subject: Re: Yet another Hotmail security hole - injecting JavaScript in
From: Nick FitzGerald (nickVIRUS-L.DEMON.CO.UK)
Date: Tue Jan 04 2000 - 21:58:33 CST

• Next message: Peter W: "Re: FWD: Redhat advisory (RPM --upgrade/-U vs. --freshen/-F)"
• Previous message: Derek Callaway: "userhelper/PAM exploit"
• In reply to: Georgi Guninski: "Yet another Hotmail security hole - injecting JavaScript in IE using <IMG DYNRC="javascript:....">"
• Next in thread: Justin King: "Re: Yet another Hotmail security hole - injecting JavaScript in"
• Reply: Nick FitzGerald: "Re: Yet another Hotmail security hole - injecting JavaScript in"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Georgi Guninski security advisory #2, 2000
>
> Yet another Hotmail security hole - injecting JavaScript in IE using
> <IMG DYNRC="javascript:....">
<<snip>>

It would be nice to think that while fixing the previous hole
(<IMG LOWSRC="javascript:....">), one or two of the MS/Hotmail
security staff might have wondered "What other parameters on this and
other tags may be similarly exploitable?".

Yeah, right...

I note that no browser fixes have been notified/posted yet, or is
this a Hotmail-only hole (i.e. "expected behaviour" in the browser)?

Regards,

Nick FitzGerald

• Next message: Peter W: "Re: FWD: Redhat advisory (RPM --upgrade/-U vs. --freshen/-F)"
• Previous message: Derek Callaway: "userhelper/PAM exploit"
• In reply to: Georgi Guninski: "Yet another Hotmail security hole - injecting JavaScript in IE using <IMG DYNRC="javascript:....">"
• Next in thread: Justin King: "Re: Yet another Hotmail security hole - injecting JavaScript in"
• Reply: Nick FitzGerald: "Re: Yet another Hotmail security hole - injecting JavaScript in"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Wed Jan 05 2000 - 10:54:26 CST