Security Flaw? (6 SP1)

Topic

New Reply

I’ve seen the “unspecified potential security flaw” a few times recently, and just now while in the Lounge. The MSKB has a useless (to me) article PRB: “Unspecified Potential Security Flaw” Message When You Call ShowModalDialog Function. It seems to say that the site code is causing it, but doesn’t offer a workaround for users. The only other reference I found was Error message: “This page has an unspecified potential security flaw…” and it relates to “iNotes”, which I don’t have. It gives a workaround where you nominate servers as being on your intranet. Not really viable when this seems to be a random occurrence.

Any ideas?

Reply | Quote

Replies

Can you give a link to any pages that generate this warning? I’ve never seen it (using IE 5.01 or 5.5).

This page provides a little more information about the ShowModalDialog function: showModalDialog Method. In particular, it states “Because a modal dialog box can include a URL to a resource in a different domain, do not pass information through the vArguments parameter that the user might consider private.” Maybe this is why you get a warning, to let you know something you only intended to share with the main site could leak out, but the ambiguity of IE’s warnings is maddening.

(There’s a demo button down the page that throws up one of these dialogs, but because Microsoft.com is one of my Trusted Sites, I don’t get any prompts.)

Reply | Quote

Ths has only been occurring the last couple of days, and infrequently, but the next time I see it (& remember) I’ll get the link and post it. Maybe a bit hard to identify though because I typically have 3-4 ie windows/sessions going at once, and the message doesn’t seem to appear immediately you go to a page. The last time was when I had only a single window open at the Lounge, and was reading posts in a thread (flat mode) – I had read one or two posts before the message popped up (don’t remember forum or thread).

I had a look at your link, and played with the demo button, and the dialog creation page, but no errors (no MS sites are set as trusted). Although the KB article points at the showModalDialog, I don’t recall seeing any dialogs, other than normal web pages, when the message has occurred.

The cross domain issue could be related, but I’ve got “Access data sources across domains” set to “Prompt”, so that should handle it.

Reply | Quote

HI Tom,

Just a passing thought. Do you happen to be a BIGpond customer?

My access via them has been acting really weird for the last week. I thought it was just me but..

Reply | Quote

Nope. Just a little fish – can’t afford the BigPond

Your issues could be related to Re: What is this about?. I’ve heard a lot stories about dramas over here in the west during this week. Especially where someone has AAPT or Optus for their local calls and the ISP is with Telstra. Some have had outages over 24hrs, and have to dial in using the override code to get a Telstra line.

My problem, once reported seems to have vanished – A bit like taking your car to the mechanic to diagnose a strange sound

Reply | Quote