Re: Internet Explorer URL parsing vulnerability (Yes, Mozilla too.)

To: Charles Richmond <cmr@xxxxxxxx>
Subject: Re: Internet Explorer URL parsing vulnerability (Yes, Mozilla too.)
From: netmask <netmask@xxxxxxxxxxxx>
Date: Thu, 11 Dec 2003 12:31:58 -0600 (CST)
Cc: Andreas Plesner Jacobsen <apj@xxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <1AC6834C-2B73-11D8-B33A-000A959D1CB2@xxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <1AC6834C-2B73-11D8-B33A-000A959D1CB2@xxxxxxxx>
Restrict: no-external-archive

> MacOSX 10.2.28        Mozilla Firebird 0.6            NOT vulnerability
> MacOSX 10.2.28        Mozilla Firebird 0.7.1          NOT vulnerability
> MacOSX 10.2.28        IE 5.2.2 (5010.1)                       NOT 
> vulnerability
> MacOSX 10.2.28        IE 5.2.3 (5815.1)                       NOT 
> vulnerability

Mozilla 1.5 is vulnerable on Linux, but not to %01  (In fact, I could not get
it to work with %01 on IE 6.0.2800.1106

If you use %00, it works the same.

http://www.microsoft.com%00@xxxxxxxxxxxxxxxxxxxxx

Mozilla 1.5 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007)

Mouse over will only show www.microsoft.com.

Not that this is a huge deal

References:
- Re: Internet Explorer URL parsing vulnerability
  - From: Charles Richmond

Prev by Date: Re: A new TCP/IP blind data injection technique?
Next by Date: irssi - potential remote crash
Previous by thread: Re: Internet Explorer URL parsing vulnerability
Next by thread: Re: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread