No subject
Thu Apr 10 10:11:33 CDT 2008
"Quite a long time ago I contacted Microsoft regarding what I thought was a XSS vulnerability in IE.
Microsoft disagreed, preferring to call it a 'feature'.
This feature allows javascript embedded into GIF files to be executed under certain circumstances. The javascript may point to an alternate domain (as is the case with XXS vulnerabilities)."
---clip---
More at
http://www.viruslist.com/en/weblog?calendar=2008-06
Juha-Matti
More information about the funsec
mailing list