
Interesting IE leak via window.onerror

Chris Evans has posted an interesting bug in IE that uses JavaScript's window.onerror to leak cross-domain data. From his blog:

"The bug is pretty simple: IE supports a window.onerror callback which fires whenever a JavaScript parse or runtime error occurs. Trouble is, it fires even if www.evil.com registers its own window.onerror handler and then uses <script src="http://www.bank.com/">."

Full Advisory: http://scarybeastsecurity.blogspot.com/2010/10/minor-leak-major-headache.html
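
The check that closes this kind of leak, shown as an added example (not code from the advisory or from any browser): before error details reach window.onerror, compare the origin of the failing script with the origin of the page, and hand over only a generic record when they differ. The function names, the corsApproved flag, and the sample error text are assumptions made for illustration; the muted values follow what the HTML standard specifies for cross-origin script errors.

```javascript
// Added example. Models the decision a script engine makes about what to pass
// to window.onerror. All names here are hypothetical; sample data is constructed.

// Generic record delivered for cross-origin script errors.
const MUTED = Object.freeze({ message: "Script error.", source: "", lineno: 0, colno: 0 });

// Origin = scheme + host + port, as computed by the WHATWG URL parser.
function sameOrigin(a, b) {
  const ua = new URL(a);
  const ub = new URL(b);
  // Opaque origins (data:, file:) serialize as "null" and never match anything.
  return ua.origin !== "null" && ua.origin === ub.origin;
}

// documentUrl:  page that registered the window.onerror handler
// err:          { message, source, lineno, colno } raised while parsing or running err.source
// corsApproved: true only if the script was fetched with CORS and its server allowed this page
function onerrorArguments(documentUrl, err, corsApproved = false) {
  let trusted = false;
  try {
    trusted = corsApproved || sameOrigin(documentUrl, err.source);
  } catch (_) {
    trusted = false; // unparsable URL: fail closed
  }
  return trusted ? { ...err } : MUTED;
}

// The behaviour the quote describes: details are delivered whatever the origin.
function leakyOnerrorArguments(_documentUrl, err) {
  return { ...err };
}

// Constructed sample: a page on one site includes another site's HTML as a script,
// and the resulting error message carries a fragment of that response.
const page = "http://www.evil.com/index.html";
const crossOriginErr = {
  message: "'account_1234' is undefined", // constructed error text
  source: "http://www.bank.com/",
  lineno: 1,
  colno: 1,
};

console.log("unchecked:", leakyOnerrorArguments(page, crossOriginErr));
console.log("checked:  ", onerrorArguments(page, crossOriginErr));
```

On the server side, the same data stays out of error messages when responses that are not scripts are never executable as scripts, which is what a correct Content-Type together with X-Content-Type-Options: nosniff provides in browsers that honour it.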

