RE: [Full-Disclosure] Locking up Internet Explorer

From: Thor Larholm (thor_at_pivx.com)
Date: 05/12/04

  • Next message: Alexander Gretencord: "Re: [Full-Disclosure] leaking"
    To: <godwulf@gmx.net>, <full-disclosure@lists.netsys.com>
    Date: Wed, 12 May 2004 10:43:34 -0700
    
    

    Any link in the form of //something has the current protocol prepended to it. If you are on a HTTP site such as http://microsoft.com and click on a link to //msdn.microsoft.com you are in reality making a request for http://msdn.microsoft.com
     
    /. used to use these links all over the place, to save some bytes I guess.
     
    The results by clicking on your link to //test/test depends on the security zone you are in. If you are in the Internet Zone you will be asking for http://test/test , if you are in the My Computer zone you will be asking for file://test/test which gets translated into \\test\test.
     
     
     
    Regards
    Thor
     

            -----Original Message-----
            From: godwulf@gmx.net [mailto:godwulf@gmx.net]
            Sent: Tue 5/11/2004 9:08 AM
            To: full-disclosure@lists.netsys.com
            Cc:
            Subject: [Full-Disclosure] Locking up Internet Explorer
            
            

            The following code creates a link that causes Microsoft Internet Explorer to
            lock up. Restarting IE is required after clicking on the link.
            
            <A HREF="//test/test">Lock up Internet Explorer</A>
            
            The form of the link just has to be //*/* as far as I tried it. The IE
            version I used was 6.0.2800.1106.xpsp2.030422-1633CO.
            
            CYA
            
            --
            "Sie haben neue Mails!" - Die GMX Toolbar informiert Sie beim Surfen!
            Jetzt aktivieren unter http://www.gmx.net/info
            
            _______________________________________________
            Full-Disclosure - We believe in it.
            Charter: http://lists.netsys.com/full-disclosure-charter.html
            

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Alexander Gretencord: "Re: [Full-Disclosure] leaking"