CNET: Microsoft admits browser security holeOct 12, 1999, 22:24 (9 Talkback[s])
(Other stories by Paul Festa)
[ Thanks to dmitchell for this link. ]
"Microsoft today acknowledged a security problem with its Web browser that could let a malicious Web site operator rifle through visitors' files."
"Like many browser security problems, this one has to do with scripting technology, which lets a Web site execute actions on a user's computer without the user's interaction."
"For security reasons, browsers typically restrict the kinds of things a Web site can do with scripts. But in this case, Microsoft's Internet Explorer 5.0 browser fails to restrict scripts when they are executed from within smaller windows within a Web site called frames."
"The security hole is typical of the type regularly reported by Bulgarian bug hunter Georgi Guninski. Guninski, who first reported this bug, has reported many others in browsers from both Microsoft and America Online's Netscape unit."