[Esd-l] New exploit to block
Bill Larson
blarson at compu.net
Mon Mar 4 16:10:02 PST 2002
Ah good just ran across that today and wasn't sure about the object tags
from memory.
----- Original Message -----
From: "John D. Hardin" <jhardin at impsec.org>
To: "Bill Larson" <blarson at compu.net>
Cc: <Esd-l at spconnect.com>
Sent: Monday, March 04, 2002 5:55 PM
Subject: Re: [Esd-l] New exploit to block
> On Mon, 4 Mar 2002, Bill Larson wrote:
>
> > http://www.theregus.com/content/4/24206.html
>
> OBJECT tags have been defanged for a long time. If this worries you,
> make sure that you do not set $SECURITY_TRUST_HTML.
>
> --
> John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
> jhardin at impsec.org pgpk -a jhardin at wolfenet.com
> 768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
> 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> In 1998 more than three times as many people in the US were killed
> by incompetent physicians than were killed by handguns, yet the
> President of the A.M.A. is adopting "gun safety" as his platform.
> -----------------------------------------------------------------------
> 974 days until the Presidential Election
More information about the esd-l
mailing list