[Owasp-brazil] Internet Explorer Download Zones Mix-up leads to XSS

Marcos Aurelio Rodrigues deigratia33 at gmail.com
Wed Dec 26 08:40:56 EST 2007


O que acham? Mensagem enviada na webappsec da securityfocus...

"
I would like to point you to a flaw I recently discovered in Internet
Explorer that could - under certain conditions - be exploited against a
large number of web-applications. The flaw results in XSS holes in websites
that allow the downloading of user-controlled HTML files (for example,
webmail and forum services).

For more details, you are welcomed to read the blog post at:
http://blog.watchfire.com/wfblog/2007/12/internet-explor.html

Best Regards,
     Yair Amit
"

-- 
========================================
Marcos Aurelio Rodrigues (DEiGrAtiA-33)
<deigratia33 at gmail.com>
CCNA
Mirabilia laudo semprer, Dei
========================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-brazil/attachments/20071226/e3c7bb4a/attachment.html 


More information about the Owasp-brazil mailing list