Date: Fri, 19 Mar 1999 11:46:01 +0100 From: Most Psychoid To: BUGTRAQ@netspace.org Subject: IE5 - same vulnerabilities, only some fixed Hello, The new Microsoft Internet Explorer 5 (I checked Version: 5.00.0910.1309) still allows Frame Spoofing and reading of local Files as described by Georgi Guninski (see http://www.whitehats.com/guninski/read.html). Another new feature named "AutoComplete" stores entries (which also may be passwords). Just another new source for passwords which had not been saved in IE 4.x. The Crash-bugs seem to be removed. I could not crash my default installed IE 5 using the known exploits. So far, psychoid --- Sent through Global Message Exchange - http://www.gmx.net