>From Roel Schouwenberg's post # June 27, 2008: "Quite a long time ago I contacted Microsoft regarding what I thought was a XSS vulnerability in IE.
Microsoft disagreed, preferring to call it a 'feature'. This feature allows javascript embedded into GIF files to be executed under certain circumstances. The javascript may point to an alternate domain (as is the case with XXS vulnerabilities)." ---clip--- More at http://www.viruslist.com/en/weblog?calendar=2008-06 Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
