Re: Web bug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

1) First off, I would not see displaying an image as a "bug" but displaying an image can be a security issue if there is a flaw in the web browser's code and someone constructs an image that takes advantage of the flaw. Similarly, there was an issue a little while ago with a Linux MP3 player and a couple of mangled MP3s floating around on some file sharing programs that would perform some remote code execution (I guess it was a buffer overflow) if you played the MP3...not exactly related but the it shows the possibility is there.

2) Unless you take into consideration what I said above, I doubt displaying an image sent a cookie unless the img tag contained a link to a dynamically generated image (which requested it) or a link to one of those web tracking/advertising companies like DoubleClick. If it was the case of a tracking /ad company then they could possibly be looking for some hints to your surfing habits. Also by third party I assume you mean a company.


On Fri, 2003-02-28 at 11:25, Philip Ching (605.734.71) wrote: 
Hi All,

Can some body explain the following:

1) Can a Web Bug (i.e., display of an image file from a third
   party web site) be a security problem?

2) Does it cause a cookie to be sent from the browser to that
   third party web site?

Thanks!

Philip 

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux