[Full-disclosure] Cross Application Scripting (IE pwns Trillian, Trillian pwns YOU!)

To all,

Registered URIs can be extremely dangerous… browsers must take
special care in filtering which characters are passed to registered
URIs. Developers must take special care when registering a URI.
We've discovered MANY MANY issues with registered URIs over the last
year. Registered URIs can be remotely exploited, many times resulting
in full system compromise. You can find a sample of how dangerous
registered URIs can be here:

http://www.xs-sniper.com/nmcfeters/Cross-App-Scripting-2.html

The recent firefoxurl vulnerabilities are based on registered URIs…

http://larholm.com/2007/07/10/internet-explorer-0day-exploit
http://secunia.com/advisories/25984

Unregister ALL unnecessary URIs NOW! This is NOT just an IE
issue…and this is NOT just a Trillian issue…

Billy "BK" Rios

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/