RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-10 Thread David Vincent
> To be fair, do you really think that fixing all currently known, but > still unfixed bugs would cost millions of dollars? > > Does hiring people like Lyu Die Lu cost millions of dollars? because you can find the bugs does not mean you can fix the bugs or solve the engineering problems whic

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread David Vincent
> On Thu, Dec 11, 2003 at 10:26:06AM -0500, Funk Jr, Joseph C. wrote: > > Works fine for me same version IE6.0.2800.1106.xpsp2. > Sends me to https://paypal.com Although I did notice that > the seems to be a requirement for this vulnerability > to work, as using a plain hyperlink fails for m

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread Frank Knobbe
On Thu, 2003-12-11 at 11:22, David Vincent wrote: > > Try this one: > > http://petard.freeshell.org/ms-announce.html > > displayed as "http://[EMAIL PROTECTED]/" in the latest > Firebird 0.7+ nightly. In addition, Galeon and Epiphany display it like that. No user account warning as with Opera tho

Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread Jim Race
http://petard.freeshell.org/ms-announce.html Mozilla 1.5: Displays in status bar, as well as takes user to http://www.microsoft.com Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 -jim

Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread Jim Race
Jim Race wrote: http://petard.freeshell.org/ms-announce.html Mozilla 1.5: Displays in status bar, as well as takes user to http://www.microsoft.com Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Check that. With Moz 1.5: Opening in a new *TAB* takes one to MS. Clicking

Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread Heikki Toivonen
Jim Race wrote: http://petard.freeshell.org/ms-announce.html Check that. With Moz 1.5: Opening in a new *TAB* takes one to MS. Clicking the link takes one to /. with "http://[EMAIL PROTECTED]/" in the address bar. That is because the href points to MS, and that is what we will use for opening a

Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread Dave Sherohman
On Thu, Dec 11, 2003 at 10:36:41AM -0800, Jim Race wrote: > Check that. With Moz 1.5: > > Opening in a new *TAB* takes one to MS. Clicking the link takes one to > /. with "http://[EMAIL PROTECTED]/" in the address bar. > > That's odd. Not all that odd. Take a look at the source for that link:

Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread William Warren
mozilla 1.6a http://[EMAIL PROTECTED]/ (that is in the address bar) and slashdot comes up in the browser window.. Jim Race wrote: http://petard.freeshell.org/ms-announce.html Mozilla 1.5: Displays in status bar, as well as takes user to http://www.microsoft.com Mozilla/5.0 (Windows; U; Window

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread jbruce
] Sent: Thursday, December 11, 2003 2:55 PM To: Jim Race Cc: LC Subject: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability mozilla 1.6a http://[EMAIL PROTECTED]/ (that is in the address bar) and slashdot comes up in the browser window.. Jim Race wrote: >>

Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread Nick FitzGerald
It was written (by whom doesn't really matter): > Check that. With Moz 1.5: > > Opening in a new *TAB* takes one to MS. Clicking the link takes one to /. > with "http://[EMAIL PROTECTED]/" in the address bar. > > That's odd. Not at all. Can you not read HTML source? The page has an href ancho

Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread Peter Moody
On Thu, 2003-12-11 at 12:55, William Warren wrote: > mozilla 1.6a > > http://[EMAIL PROTECTED]/ > (that is in the address bar) and slashdot comes up in the browser window.. in 1.6b slashdot is downloaded/rendered and http://[EMAIL PROTECTED]/ is displayed in the address bar. -Peter -- Peter Mo

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread Mortis
> Using internet explorer, you can also put > http://[EMAIL PROTECTED] and > that will take you to google. It only matters > what you put after the @ sign. > I noticed that one day while putting in my email > address in for hotmail. J, Check out 3.1 in this doc. http://www.faqs.org/rfcs/rf

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread Bill Royds
D] On Behalf Of Nick FitzGerald Sent: December 11, 2003 4:29 PM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability It was written (by whom doesn't really matter): > Check that. With Moz 1.5: > > Opening in a new *TAB* takes one to MS

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-11 Thread Bill Royds
ord part for a HTTP protocol base URL -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mortis Sent: December 11, 2003 6:46 PM To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability > Using internet explore

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-12 Thread Nick FitzGerald
[EMAIL PROTECTED] wrote: > Using internet explorer, you can also put http://[EMAIL PROTECTED] > and that will take you to google. It only matters what you put after the > @ sign. I noticed that one day while putting in my email address in for > hotmail. And not _just_ in IE. What you have descr

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

2003-12-12 Thread Bill Royds
MAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick FitzGerald Sent: December 12, 2003 6:09 AM To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability [EMAIL PROTECTED] wrote: > Using internet explorer, you can also put http://[EMAIL PROTECTE