AwghBlog

Subscribe to our feed
Tweets
- IDAPython script to automatically go to all unidentified subroutines and press 'C'. Needed this. http://t.co/L8StnqwK 6 days ago
- South Korean psy-ops now using the video as well as the music. I prefer Nancy Sinatra. http://t.co/bZMXyrUL 1 week ago
- @openfly I feel like Rupert Murdoch is more likely to be cryogenically frozen to fight future communism than Zuckerberg. 2 weeks ago
- "The potential for the disastrous rise of misplaced power exists and will persist." http://t.co/VOcSzVjA 2 weeks ago
- Sooo much useless trivia in my head. I recognized all of these: http://t.co/z3lBHZK5 2 weeks ago
- @fbz For packet, the AGW engine is maintained and programs based on it still work. Other Ham packages, not so much. http://t.co/2g9HKfR7 2 weeks ago
- @fbz Once you have a Ham license, get a WinLink email so you can talk to me when the zombies come: http://t.co/NA3cQxnj 2 weeks ago

XSS Vulnerability in Internet Explorer HTML Attachment Download

Posted on December 23rd, 2008 in Security

Update: MS fixed this issue in the IE8 6/9/09 security update. Now IE8 behaves like Firefox (unclear on whether ‘X-Download-Options: noopen’ still exists at all). I have noticed a Cross-Site Scripting vulnerability in the way Internet Explorer handles the downloading and opening of HTML files when they are downloaded as an attachment, rather than opened [...]

Tags: attachment, Content-Disposition, hacking, ie7, internet explorer, microsoft, microsoft security, noopen, pen test, Security, web application security, Web Security, X-Download-Options, xss

Read post Read 2 comments

Tweets

XSS Vulnerability in Internet Explorer HTML Attachment Download

Categories

Recent Posts