Hi Michal,
On Monday 12 February 2007 00:01, Michal Zalewski wrote:
After some research, I can offer this clarification:
1) The MSIE 7 attack vector I described is a distinctive, new
vulnerability that differs from the attack reported by Charles
McAuley and Bart van Arnhem.
Michal Zalewski wrote:
2) The Firefox attack vector is related to the Charles' CVE-2006-2894,
which in turn was a rediscovery of a problem known to Mozilla since
2000 (!); attempts to fix it in official releases failed because the
problem was repeatedly marked as a duplicate
On 2/12/07, Ruud H.G. van Tol [EMAIL PROTECTED] wrote:
Michal Zalewski wrote:
2) The Firefox attack vector is related to the Charles' CVE-2006-2894,
which in turn was a rediscovery of a problem known to Mozilla since
2000 (!); attempts to fix it in official releases failed
Hi,
On Tuesday 13 February 2007 05:44, Tyop? wrote:
http://lcamtuf.coredump.cx/focusbug/index.html
Without JavaScript on, this doesn't work. See http://noscript.net/
Without a browser too, this doesn't work. See
http://netcat.sourceforge.net/
DONT TRY THIS AT HOME.
I started to mentally
After some research, I can offer this clarification:
1) The MSIE 7 attack vector I described is a distinctive, new
vulnerability that differs from the attack reported by Charles
McAuley and Bart van Arnhem. Attacks described by them were
fixed in MSIE7 (although MSIE6 is still