Monday, September 08, 2008

Internet Explorer 6, 7, or 8 exposes users data via JavaScript

Ok, ok, I know these are Google Chrome dedicated days, but how can be possible that my last post did not receive attention at all?

Maybe with this title somebody will read more carefully what I wrote few days ago ... or maybe not, who knows? :?

6 comments:

Anonymous said...

I don't know... but your sample page didn't work in my Exploder version 6...

Andrea Giammarchi said...

try to login into gmail, try to login into a form, try to save data with Internet Explorer, then try again the example page, and wait for about 10 seconds.

Gareth Heyes said...

Andrea there's a selective media especially when it comes to security reports. I'm sure your post was read, if not I'll pass it on to someone at MS.

I've took the attitude to accept this and still post reports anyway because I enjoy it.

Andrea Giammarchi said...

Thanks Gareth, the weird stuff is that nobody replied to say "what the hell are you talking about", and nobody replied to say "huston, we have a problem" :D

What I mean, is that right now malicious developers could steal Credit Card information from one of the most popular air company site, so I suppose my post required more attention, that's it.

Gareth Heyes said...

I encountered the same problem when I found a hole in Safari beta which allowed cross site data reading. The media wasn't interested even though less serious vulnerabilities were plastered over the media. It seems you need a PR department these days.

Don't worry people are listening even when they don't comment. I've not verified your vulnerability but I'm a regular reader of your blog so I'm sure it's a 100% correct.

Keep up the good work and ignore the media! We are the media now ;)

Gareth Heyes said...

Andrea

I've been in touch with MS and they are tracking it now. Thanks! They didn't spot this one