[Owasp-brazil] Internet Explorer Download Zones Mix-up leads to XSS

Marcos Aurelio Rodrigues deigratia33 at gmail.com
Wed Dec 26 08:40:56 EST 2007

O que acham? Mensagem enviada na webappsec da securityfocus...

I would like to point you to a flaw I recently discovered in Internet
Explorer that could - under certain conditions - be exploited against a
large number of web-applications. The flaw results in XSS holes in websites
that allow the downloading of user-controlled HTML files (for example,
webmail and forum services).

For more details, you are welcomed to read the blog post at:

Best Regards,
     Yair Amit

Marcos Aurelio Rodrigues (DEiGrAtiA-33)
<deigratia33 at gmail.com>
Mirabilia laudo semprer, Dei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-brazil/attachments/20071226/e3c7bb4a/attachment.html 

More information about the Owasp-brazil mailing list