anomy-bugs

Security bug in Anomy HTML Cleaner

From: Paul Wallingford (25797@xyz.molar.is)
Date: Sat 21 Jun 2003 - 09:55:01 GMT

  • Next message: Bjarni R. Einarsson: "Re: Security bug in Anomy HTML Cleaner"

    The following code sneaks through and does not get defanged. It is
    valid HTML / XML and renders in the mail reader (Mozilla). This is a
    security problem because it can be used by attackers to track recipients
    and possibly download malicious code to the victim's machine. In this
    message, it may appear on separate lines, but it appeared all on one
    line in the original message.

    <img border="0"
    src="http://www.lunarlandrush.com/images/moon_032303_1.gif"/>



    hosted by molar.is