[Mimedefang] Browser Bug: Very bad in IE and varies on Netscapeand Mozilla
Jonas Eckerman
jonas_lists at frukt.org
Sat Dec 20 21:26:45 EST 2003
On Sat, 20 Dec 2003 11:36:10 -0800, Kenneth Porter wrote:
> I thought the exploit didn't use encoded non-printables, but
> depended on "real" non-printables.
It uses URL-encoded non-printables (not sure wether all unprintables work though) AFAIK. %00 is not just an example taken from the air, I think the chance of %00 working this way across different versiuons of different browers is higher than for any other unprintable. :-/
In Mozilla Firebird, a %00 will not hide any thing in the "current page" address field, but it will in the status bar when hovering over/selecting a link wich %01 does not.
Regards
/Jonas
--
Jonas Eckerman, jonas_lists at frukt.org
http://www.fsdb.org/
More information about the MIMEDefang
mailing list