>>Larry, why are you so curious about how this exploit works?
Because the Firefox docs say they don't support ANI files for cursors
and I can't get any non-malicious ones to work in it. I have to admit
I'm having trouble getting them to work in IE now too.
What's wrong with this code?
<HTML>
<BODY>
<style type="text/css">
BODY{cursor: url(http://www.larryseltzer.com/DRUM.ANI);}
</style>
This is a harmless animated cursor.<br>
This is a harmless animated cursor.<br>
This is a harmless animated cursor.<br>
This is a harmless animated cursor.<br>
</BODY></HTML>
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
