[thelist] RE: Most standards compliant browser?

Andrew Forsberg andrew at thepander.co.nz
Mon Jan 21 16:53:33 CST 2002

Hi Jeff

Took a while to find it, but here's the MS bulletin:

From their bulletin:
>a malicious user could potentially craft a URL that would allow them 
>to gain unauthorized access to a user's cookies and potentially 
>modify the values contained in them. Because some web sites store 
>sensitive information in a user's cookies, this could allow personal 
>information to be compromised. Both vulnerabilities could be 
>exploited either by hosting specially crafted URL's on a web page or 
>by sending them to the victim in an HTML email.

I should really have said 'world readable and world writable'. A 
really basic standard of privacy was lacking in 5.5 and 6.0 for quite 
some time.

There's also the super cookie problem:


>  ><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>>  From: Andrew Forsberg
>>  You mean, like the standard where cookies are not world
>>  readable? :)
>got a link to a security bulletin on that one?
>i'm aware of a couple of security issues relating to cookies, but not ones
>that i'd describe in the general terms you use.

Andrew Forsberg
uberNET - http://uber.net.nz/
the pander - http://thepander.co.nz/
