CVE-1999-1472

Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML DHTML to send the data to the attacker, aka the Freiburg text-viewing issue...

Re: Several javascript vulnerabilities in Opera

Dear bugtraq, I mailed Opera one week ago about a similiar javascript vulnerability in Opera. I was still waiting for any respond from Opera when I saw Guninski's bugtraq post. One thing that wasn't mentioned and might not be obvious is that the vulnerability can also be used to list files on the...

IE fails to check certificates properly if initial SSL connection originates in an IFRAME or Image

Overview Several flaws exist in Microsoft Internet Explorer that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. These problems are different from the problems reported in CERT Advisory CA-2000-05 and CERT...

CVE-2000-0662

Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control DHTMLED...

CVE-2000-0503

The CVE-2000-0503 entry concerns the IFRAME within the WebBrowser control of Internet Explorer 5.01. The issue allows a remote attacker to violate the cross-frame security policy via the NavigateComplete2 event. The description and connected records indicate the vulnerability is tied to the WebBr...

Очередная дырка javascript в IE

Сочетание метода navigate с IFRAME позволяет обратиться к локальным файлам. IFRAME ID="I1"/IFRAME SCRIPT for=I1 event="NavigateComplete2b" alert"Here is your file:n"+b.document.body.innerText; /SCRIPT SCRIPT I1.navigate"file://c:/test.txt"; setTimeout'I1.navigate"file://c:/test.txt"',1000; /SCRIP...

IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control

Georgi Guninski security advisory 12, 2000 IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski...

ie-iframe.txt

Georgi Guninski security advisory 12, 2000 IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski...

CVE-2000-0503

The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event...

CVE-1999-0877

Affected product : Internet Explorer 5. The vulnerability allows a remote attacker to read files by invoking an ExecCommand on an IFRAME. The description provides the root cause as an insecure use of ExecCommand within an IFRAME context, enabling unauthorized file access. The connected documents ...

CVE-1999-0877

Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME...

ie50.cross-frame.txt

Subject: IE 5.0 cross-frame vulnerabilities back again from: Francis Favorini Folks, It seems that after applying the IFRAME ExecCommand patch from MS9-042, IE 5.0 is again vulnerable to Georgi Guninski's cross-frame bugs. You can visit his page at to test. I tested this on 2 NTW 4.0 SP5 machines...

IE5_IFRAME_vuln.txt

IE 5.0 security vulnerability - reading local and from any domain, probably window spoofing is possible files using IFRAME and document.execCommand Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially...

Microsoft Internet Explorer 5.04.0.1 - iFrame

Microsoft Internet Explorer 5.04.0.1 - iFrame Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0/Unix 5.0 IFRAME Vulnerability source: https://www.securityfocus.com/bid/696/info Internet Explorer 5 will allow a...

Microsoft Internet Explorer 5.0/4.0.1 - iFrame

Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0/Unix 5.0 IFRAME Vulnerability source: https://www.securityfocus.com/bid/696/info Internet Explorer 5 will allow a malicious web page to read the contents of...

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

Internet Explorer help

None None...