NYCPHP Meetup

NYPHP.org

[nycphp-talk] javascript vulnerability

Preston-Campbell brian at preston-campbell.com
Mon Jul 29 16:41:23 EDT 2002


I think I'm just going to go with plan "A".  There is no mention of a
problem in Linux -- big surprise.


<snip>

The discoverer of this issue has reported that Microsoft does not feel this
is a valid vulnerability. A workaround for Internet Explorer is to disable
the ability of script code to manipulate/interact with the clipboard/cut and
paste functionality.

To do so, users should:

- Click on the "Tools" toolbar pulldown
- Select "Internet options"
- Click on the "Security" tab
- For each of the zones that you wish to disable the feature:
- Click "Custom Level"
- Go to the "Scripting" sub-section
- Set "Allow paste operations via script" to "Disable"

Another, broader workaround is to disable scripting completely. This may
adversely affect your browsing abilities.

</snip>


Brian





----- Original Message -----
From: "Analysis & Solutions" <danielc at analysisandsolutions.com>
To: "NYPHP Talk" <talk at nyphp.org>
Sent: Monday, July 29, 2002 3:34 PM
Subject: [nycphp-talk] javascript vulnerability


> Hi Folks:
>
> Nice meeting some of you last week.  Security Focus' latest weekly
> contains a notice about a JavaScript vulnerability.  In some ways, it's
> just another incantation of prior problems.
>
> http://www.securityfocus.com/bid/5290
>
> Anyway, it's a good reason to keep JS off in your browser.  And another
> good not to rely on it on your websites.
>
> Enjoy,
>
> --Dan
>
> --
>                PHP classes that make web design easier
>         SQL Solution  |   Layout Solution   |  Form Solution
>     sqlsolution.info  | layoutsolution.info |  formsolution.info
>  T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>  4015 7 Av #4AJ, Brooklyn NY     v: 718-854-0335     f: 718-854-0409
>
>
>





More information about the talk mailing list