At 17:13 +0200 19.10.01, Clover Andrew wrote: >Versions: > >Assume all versions of IE/Win are vulnerable. Status of IE under other >platforms is unknown. Versions tested: > >4.72.3612.1713 (SP2; 3283) >5.00.3315.1000 (SP2) >5.50.4522.1800 >6.0.2600.0000 I've confirmed the bug in the above. In MacOs 9.1, IE5 and IE4.5 do not expose the hidden about: 'feature'. Thus, they don't seem to be vulnerable. As a U.S. Senator recently said (as quoted by Wired magazine) on the whole security problem: "Use a Mac." ;-) (please take this comment with a truckload of salt. I *am* j/k) >A Microsoft chap pointed out that sites can already break out of the >Restricted Sites Zone, simply by pointing at another site that is >not in that Zone. Compare the effort on both fronts. I agree with Clover's comments. Regards, Pedro. -- Pedro Miller Rabinovitch Diretor de Tecnologia Cipher Technology 21-2579-3999 www.ciphertech.com.br _____ "Segurança em TI - uma especialidade Cipher Technology"
