vendor:
Internet Explorer, Communicator
by:
SecurityFocus
7.5
CVSS
HIGH
Javascript STYLE Vulnerability
79
CWE
Product Name: Internet Explorer, Communicator
Affected Version From: Microsoft Internet Explorer 5.0, Netscape Communicator 4.0/4.5/4.6
Affected Version To: Microsoft Internet Explorer 5.0, Netscape Communicator 4.0/4.5/4.6
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 2000, Windows 95, Windows 98, Windows NT 4
2002
Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Netscape Communicator 4.0/4.5/4.6 Javascript STYLE Vulnerability
The HTML STYLE command can be used to embed Javascript into Hotmail email messages. The STYLE tag circumvents current methods employed by Hotmail to disable Javascript from email messages. When viewed by a Microsoft IE 5.0 or Netscape Navigator 4.X browser, the Javascript in the email may execute various commands on the viewer's mailbox. The commands could take various actions on the user's inbox, including: reading email, deleting email, or prompting users to re-enter their password in a trojan application.
Mitigation:
Disable Javascript in the browser or email client, or use a different browser or email client.
