Re: I think I found a Security vulnerability in IE 6.0
- From: Michael <Michael16@xxxxxxxxx>
- Date: Mon, 13 Jun 2005 23:32:59 -0400
flatliner60 wrote:
Not a very major issue, but a malicous user has the ability to crash Internet Explorer 6.0 on an unsuspecting user's computer., not sure to the extent of what browser versions this affects, as I have only tested IE 6.0. The issue occurs when the offending page contains an IFRAME and the following Javascript code is run in:well if a site is bad enough to exploit you... there doing a favor by closing it
document.all['myIFrame'].src = "javascript:;"; window.top.close();
In my situation the code was run from a modal dialog so there was no security warning about the close. My assumption is that the Iframe is in a vulnerable state when the close() function is called, causing a memory leak/protection fault of some kind.. just my guess..
Regards,
Andrew
.
- Follow-Ups:
- Re: I think I found a Security vulnerability in IE 6.0
- From: flatliner60
- Re: I think I found a Security vulnerability in IE 6.0
- References:
- I think I found a Security vulnerability in IE 6.0
- From: flatliner60
- I think I found a Security vulnerability in IE 6.0
- Prev by Date: I think I found a Security vulnerability in IE 6.0
- Next by Date: RE: internet explorer 6.0.29 sp2 stuck on www.updatesearches.com
- Previous by thread: I think I found a Security vulnerability in IE 6.0
- Next by thread: Re: I think I found a Security vulnerability in IE 6.0
- Index(es):
Relevant Pages
|
