Thor Larholm <[EMAIL PROTECTED]> wrote:
> The above is merely misinformation on their parts. The Restricted Sites Zone
> tries to disable scripting (a requisite for the dialogArguments
> vulnerability), but many vulnerabilities allow you to circumvent this
> setting
Even non-vulnerabilities al
In my comments I wrote that the cssText vulnerability appeared to be
patched. After further testing and research I will have to correct myself,
as the issue is not patched at all.
To sum it up:
On February 18, GreyMagic discovered a vulnerability in the cssText property
of imported stylesheets.
The latest cumulative patch from Microsoft,
http://www.microsoft.com/technet/security/bulletin/MS02-023.asp , promises
to eliminate "six newly discovered vulnerabilities", but fails to do so.
First, we find what MS calls "A cross-site scripting vulnerability in a
Local HTML Resource". This is obv