SecurityFocus

Internet Explorer URL parsing vulnerability Dec 09 2003 06:15PM
John W. Noerenberg II (jwn2 qualcomm com) (1 replies)

Re: Internet Explorer URL parsing vulnerability Dec 10 2003 12:13AM
Pedro Castro (noupy mail telepac pt) (3 replies)

Re: Internet Explorer URL parsing vulnerability Dec 10 2003 07:39PM
William Stockall (wstockal compusmart ab ca)

Re: Internet Explorer URL parsing vulnerability Dec 10 2003 07:37PM
Tiago Pierezan Camargo (tiago telenova net)

Re: Internet Explorer URL parsing vulnerability Dec 10 2003 07:26PM
Andreas Plesner Jacobsen (apj mutt dk) (1 replies)

Re: Internet Explorer URL parsing vulnerability Dec 11 2003 12:43AM
Charles Richmond (cmr iisc com) (1 replies)

Re: Internet Explorer URL parsing vulnerability (Yes, Mozilla too.) Dec 11 2003 06:31PM
netmask (netmask enZotech net)

> MacOSX 10.2.28 Mozilla Firebird 0.6 NOT vulnerability
> MacOSX 10.2.28 Mozilla Firebird 0.7.1 NOT vulnerability
> MacOSX 10.2.28 IE 5.2.2 (5010.1) NOT vulnerability
> MacOSX 10.2.28 IE 5.2.3 (5815.1) NOT vulnerability

Mozilla 1.5 is vulnerable on Linux, but not to %01 (In fact, I could not get
it to work with %01 on IE 6.0.2800.1106

If you use %00, it works the same.

http://www.microsoft.com%00 (at) www.securityfocus (dot) com [email concealed]

Mozilla 1.5 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007)

Mouse over will only show www.microsoft.com.

Not that this is a huge deal

[ reply ]