Abandon  |  All  |  Hope  |  Ye  |  Who  |  Enter  |  The  |  Hall  |  Of  |  Bloat

/
 MBASIC
 Delphi
 OWL
 C++/C#
 MFC
 WScript
 Visual Basic
 OLE
 ActiveX/
  Visual.NET/
   Hellware*

Letters

They're presented without comment. Well almost.

<http://grc.com/x/news.exe?cmd=article&group=grc.security&item=109773>

Subject: Bloatbusters - Firefox exploit question
Date: Thu, 2 Feb 2006 13:01:28 -0500
From: 'GaryC_47' <garyc_47@myrealbox.ca>

I was reading the anti-Gibson vitriol at Radsoft.net and ended up visiting their equally vitriolic anti-bloatware site: bloatbusters dot org.

Using Firefox 1.5 with java & javascript turned off on WinXP home SP2 and also on Win98SE with Firefox 1.5.

The main page contains 5 buttons. Clicking the top button [I still run windows] results in Outlook Express launching with a new message addressed to 'department of homeland security'.

I'm very curious as to how they do this. My google searching turned up nothing and it seems like a potentially dangerous vulnerability.

Is anyone familier with this trick?

thanks,
Gary

  Down

Abandon  |  All  |  Hope  |  Ye  |  Who  |  Enter  |  The  |  Hall  |  Of  |  Bloat
Copyright © bloatbusters.org. Web space courtesy Radsoft. We bust apps that suck.