RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
- From: "Martin O'Neal" <martin.oneal@xxxxxxxxxxxx>
- Subject: RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
- Date: Thu, 4 Jan 2007 16:42:50 -0000
> "One possible work around on the server side:
> Direct your web server to serve .pdf files as mime type
> "application/octet" That way the files will be saved to
> disk instead of opening in the browser plug in."
Firefox works fine with this, but depending upon which version of IE you
have (and which platform it is installed on) this probably won't work by
default, as IE will ignore the MIME type and base its decision on the
file extension.
Martin...
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org