It might have been IE only, I'm not sure. I don't work in the same place but I can try and find out some more details from my former colleague.
On Wed, Jul 9, 2008 at 10:47 PM, Neil Parker <[EMAIL PROTECTED]> wrote: > Another thing worth remembering is that just as Javascript itself differs > quit a bit from browser to browser, so do its security issues. A > feature (?) that makes it possible to write a port scanner in one > browser might not exist at all in another browser. > > Traditionally Internet Explorer has been considered the worst offender > security-wise. In part this is because it lets you say "x = new > ActiveXObject(...)", which sometimes makes it possible for Javascript to > invoke components that were never intended to be used by a web browser. > (Remember last year's Month of Browser Bugs? Most of the IE bugs on that > list revolved around ActiveXObject.) > > ActiveXObject, and its security implications, are completely absent in > Firefox. Not that Firefox has been free of Javascript security holes, > though...as it evolved from 2.0 to 2.0.0.15, many of the updates > included patches for Javascript security holes. Several of these involved > ways for Javascipt to elevate its permissions from content (highly > restricted) to chrome (unrestricted, with full access to your filesystem > and the network). > > > I'd be highly interested to learn how that port scanner worked. Did it > depend on one particular browser? > > - Neil Parker > _______________________________________________ > EUGLUG mailing list > [email protected] > http://www.euglug.org/mailman/listinfo/euglug > _______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
