Hello Jacky Jack! It's another interesting aspect of saving html files, mentioned by RSnake and I've also read it in 2007. He mentioned about risks of "save web page complete" feature in Firefox (and such risks of this feature exist in other browsers), and I wrote in my advisories in 2007, 2008 and 2010 about risk of "save web page complete" and "save web archive" features. There was issue with saving web archive in Opera (in Opera 9.x and previous versions) and there was issue with saving web archive in IE (in 6, 7, 8 and previous versions), as I wrote in last advisory.
You can read my article Local XSS (http://websecurity.com.ua/4219/). And also my articles Code Execution via XSS in Internet Explorer (http://securityvulns.ru/Udocument911.html) and Cross-browser Code Execution via XSS (http://securityvulns.ru/Udocument941.html), which I wrote in 2008 concerning this kind of vulnerabilities in different browsers which I found. How the attack can be elevated from XSS to CE. In case if you haven't read them (it's English versions of the articles). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ----- Original Message ----- From: "Jacky Jack" <jacksonsmth...@gmail.com> To: "Christian Sciberras" <uuf6...@gmail.com> Cc: "Zach C" <fxc...@gmail.com>; <full-disclosure@lists.grok.org.uk>; "MustLive" <mustl...@websecurity.com.ua> Sent: Monday, November 15, 2010 6:29 PM Subject: Re: [Full-disclosure] Saved XSS vulnerability in Internet Explorer > It's logical to RSnake's > http://ha.ckers.org/blog/20070201/firefox-save-as-complete-issue/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/