IE 5 Allows Cross-frame Navigation Reported April 18, 2000 by Georgi Guninski
Internet Explorer 5.01 (IE5) allows the circumvention of its cross-frame security policy by accessing the DOM of documents using Java or JavaScript. The problem exposes the whole DOM of the target document
and according to Georgi, opens lots of additional security risks. The problem allows
reading local files, reading files from any host, window spoofing, retrieving cookies, and
more. Georgi"s code is as follows: ------jsinject.html-------------------------------- VENDOR RESPONSE No response was known from Microsoft at the time of this writing. We will update this bulletin upon their response.
Discovered and reported by Geogi Guninski |
IE 5 Allows Cross-frame Navigation
0 comments
Hide comments