MS IE 5.01 JSObject Cross-Frame Vulnerability

The cross-frame security model of Internet Explorer 5.01 can be circumvented through the use of a Java applet. If the applet is passed a parameter containing javascript code in the form of a 'javascript:' URL, the setMember method of the JSObject class can be used to change the 'href' of the DOM (Document Object Model) of another frame or window to that URL. The browser will then execute the javascript in the security context of the original contents of the other window or frame.


 

Privacy Statement
Copyright 2010, SecurityFocus