On 10/19/01 5:47 PM, "Pedro Miller Rabinovitch" <pedro@ciphertech.com.br> wrote: > At 17:13 +0200 19.10.01, Clover Andrew wrote: >> Versions: >> >> Assume all versions of IE/Win are vulnerable. Status of IE under other >> platforms is unknown. Versions tested: >> >> 4.72.3612.1713 (SP2; 3283) >> 5.00.3315.1000 (SP2) >> 5.50.4522.1800 >> 6.0.2600.0000 > > I've confirmed the bug in the above. > > In MacOs 9.1, IE5 and IE4.5 do not expose the hidden about: > 'feature'. Thus, they don't seem to be vulnerable. > > As a U.S. Senator recently said (as quoted by Wired magazine) on the > whole security problem: "Use a Mac." ;-) > (please take this comment with a truckload of salt. I *am* j/k) I can also confirm that IE 5.1 for Mac OS X isn't vulnerable. It just shows the entire thing in the title of the about box, even if you type in about:</title>. Not sure if this was the same outcome as IE5 and IE4.5, it probably was. >> A Microsoft chap pointed out that sites can already break out of the >> Restricted Sites Zone, simply by pointing at another site that is >> not in that Zone. Simon
