> Georgi Guninski security advisory #2, 2000
>
> Yet another Hotmail security hole - injecting JavaScript in IE using
> <IMG DYNRC="javascript:....">
<<snip>>
It would be nice to think that while fixing the previous hole
(<IMG LOWSRC="javascript:....">), one or two of the MS/Hotmail
security staff might have wondered "What other parameters on this and
other tags may be similarly exploitable?".
Yeah, right...
I note that no browser fixes have been notified/posted yet, or is
this a Hotmail-only hole (i.e. "expected behaviour" in the browser)?
Regards,
Nick FitzGerald
