• Flattr this
previous Misterious Ghost Stories
NetBeans Groks JavaScript next
12 05 2008

Who You Gonna Call?

Posted by: Giorgio in XSS, IE, Mozilla, Security, NoScript, Uncategorized

After hearing me crying for help, my friend Sirdarckcat went hunting and entrapped a poltergeist which haunts IE only.

Is it this the one Manuel Caballero was talking about?
Or was that a different cross-browser evilness?

However, I ain't afraid of no ghosts :)

This entry was posted on Monday, May 12th, 2008 at 12:25 am and is filed under XSS, IE, Mozilla, Security, NoScript, Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

3 Responses to “Who You Gonna Call?”

  1. #1 Meoww... says:
    May 12th, 2008 at 9:13 am

    sirdarckcat failed...

    This bug is not about kindergarten trickery to read properties you are not supposed to...

  2. #2 Ronald van den Heetkamp says:
    May 12th, 2008 at 1:54 pm

    For those without a good memory:

    Publicly known since 2006:
    https://bugzilla.mozilla.org/show_bug.cgi?id=382686
    http://lcamtuf.coredump.cx/ifsnatch/modified.html

    First read about in 2005, in a GreyMagic advisory.

  3. #3 sirdarckcat says:
    May 12th, 2008 at 11:15 pm

    This one succeeds on IE8 and newest version of IE7
    http://sirdarckcat.blogspot.com/2008/05/ghosts-for-ie8-and-ie75730.html

    Meow:
    I am not reading properties dude xD I am changing iframes locations ;)

    Ronald:
    I am not using document.open() nor document.write() on about:blank iframes.. this is diferent.

    Greetz!!

Bad Behavior has blocked 3113 access attempts in the last 7 days.