[H-GEN] Open source firm releases patch for IE spoofing flaw

Jason Parker-Burlingham jasonp at panix.com
Thu Dec 18 21:17:36 EST 2003


Nick Kwiatkowski <nickolas at au1.ibm.com> writes:

> For people who _have_ to use/manage IE, in a nice twist (since MS
> will not be releasing patches for DEC,) an open source firm releases
> patch for IE spoofing flaw......

For what it's worth, the bug affects Mozilla 1.5 also.  I've tested
this with Netscape 7.  See http://www.intertwingly.net/blog/1673.html,
or just put the following anchor in some HTML:

   <a href="http://www.yahoo.com%00@www.slashdot.com">not yahoo</a>

The bug is on Mozilla's Bugzilla as bug number 228176.  There are
other, related bugs, too.  Nothing as serious as the IE bug, I think,
but it's interesting, no?
-- 
http://panix.com/~jasonp?BabyPictures



More information about the General mailing list