[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity

To: David Vincent <david.vincent@mightyoaks.com>
Subject: RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
From: Frank Knobbe <frank@knobbe.us>
Date: Thu, 11 Dec 2003 12:22:04 -0600

On Thu, 2003-12-11 at 11:22, David Vincent wrote:
> > Try this one:
> > http://petard.freeshell.org/ms-announce.html
> 
> displayed as "http://www.microsoft.com%01@slashdot.org/"; in the latest
> Firebird 0.7+ nightly.

In addition, Galeon and Ephinany display it like that. No user account
warning as with Opera though.

> 
> displayed as "http://www.microsoft.com@slashdot.org/" in Opera 7.23 AFTER
> getting a warning about going to an URL which includes a username.
> 
> displayed as "http://www.microsoft.com@slashdot.org/" in Avant Browser 8.02
> Build 207
> 
> displayed as "http://www.microsoft.com"; in IE 6.0.2800.1106
> 
> all are on W2k Pro SP4 et al.
>

Attachment: signature.asc
Description: This is a digitally signed message part

References:
- RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
  - From: David Vincent <david.vincent@mightyoaks.com>

Prev by Date: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
Next by Date: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
Previous by thread: RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
Next by thread: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
Index(es):
- Date
- Thread