anomy-bugs

• Previous message: Rick Troxel: "Solaris tweaks for testcases"
• Next in thread: Bjarni R. Einarsson: "Re: Security bug in Anomy HTML Cleaner"
• Reply: Bjarni R. Einarsson: "Re: Security bug in Anomy HTML Cleaner"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

The following code sneaks through and does not get defanged. It is
valid HTML / XML and renders in the mail reader (Mozilla). This is a
security problem because it can be used by attackers to track recipients
and possibly download malicious code to the victim's machine. In this
message, it may appear on separate lines, but it appeared all on one
line in the original message.

<img border="0"
src="http://www.lunarlandrush.com/images/moon_032303_1.gif"/>

• Next message: Bjarni R. Einarsson: "Re: Security bug in Anomy HTML Cleaner"
• Previous message: Rick Troxel: "Solaris tweaks for testcases"
• Next in thread: Bjarni R. Einarsson: "Re: Security bug in Anomy HTML Cleaner"
• Reply: Bjarni R. Einarsson: "Re: Security bug in Anomy HTML Cleaner"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]