On 2011/11/28 17:05, C. Bensend wrote:
Why bug such people unless their product IS vulnerable? Note that this
seems
to be an email trying to get people who have a "vulnerable" browser to
click
a specific link. I'd expect that link to be loaded with a zero day or the
likes that the browser exhibits.
I figured people here with their basic interest in security might know of
vulnerable browsers to make progressing to the next logical steps easy. I
am
somewhat surprised NOBODY here seems to know.
{^_^}
I guess I'm confused why you think this is a vulnerability... It's
simply another way to represent an IP address that browsers grok.
Is it obfuscation? Sure. But hell, for the average internet user,
a NON-obfuscated IP address is cryptic enough. ;) This is just
another way to do it...
Might I suggest reading the specification for URLs. I believe that
only DNS addresses and decimal dotted quads are "legal". The other
misrepresentations are not permitted so responding to them is a bug
for a browser or other URL based tool. If I'm wrong I'd like to know
with the appropriate URL RFC cited.
{^_^}
