Roy Schestowitz wrote:
>
http://news.com.com/2100-1002_3-6034054.html?part=rss&tag=6034054&subj=news
>
> "But browser testers may already be at risk, according to
> security researcher Tom Ferris. Late Tuesday, Ferris
> released details of a potential security flaw in IE 7. An
> attacker could exploit the flaw by crafting a special Web
> page that could be used to crash the browser or gain
> complete control of a vulnerable system, Ferris said in an
> advisory on his Web site. Microsoft had no immediate
> comment on Ferris' alert."
What total hogwash. I tried this and it doesn't do anything.
The browser just sat there with no responce until it
timed out. The "file://--------------------------------"
doesn't point to anything on the computer.
Nor does "file://" "The requested file cannot be found".
Now do that same thing in your address bar in Firefox
in Linux. Firefox automatically adds the third "/" making
it "file:///" and then it list the entire root directory.
|
|
