hey,
it isnt a flaw anymore,
and hotmail had corrcted this long ago
then once another flaw came......ppl started using javasCript,
where C is written using C (the ASCII5 code)
supposedly any imge/web page could be opened using
<IMG SRC="javasCript:window.open('http:://the web page')">
etc.
i tried it on my account in hotmail,
couldnt open the page i mentioned :o(
guess its rectified
have fun,
gautam...
>
> There is a major security flaw in Hotmail which allows
> injecting and
> executing JavaScript code in an email message using
> the javascript protocol.
> This exploit works both on Internet Explorer 5.x
> (almost sure IE 4.x) and
> Netscape Communicator 4.x. Hotmail filters the
> "javascript:" protocol for
> security reasons.
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/wilma/linux-delhi/
