Slashdot Mirror


Don't Hit That Back Button

Saint Aardvark writes: "From the Bugtraq mailing list comes this warning: 'Using the Back Button in IE is dangerous'. When hitting the back button, javascript links will be executed in the security zone of the last url viewed. Proof-of-concept included in the warning will execute minesweeper or read your Google cookies."

1 of 640 comments (clear)

  1. Is there a real exploit here? by Chuck+Chunder · · Score: 5, Insightful

    Even if an executable were encoded in the link would the end user not be simply warned that they are attempting to download an executable, as with any other URL that served them an executable?

    It's only a security hole if delivering the content via the data URL is treated differently than getting it via an http, ftp or javascript one.

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park