A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser. [1] This attack is caused by Internet Explorer not checking the destination of the resulting frame, [2] therefore allowing arbitrary code such as JavaScript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input. [3] This other type of frame injection affects all browsers and scripts that do not validate untrusted input. [4]
Updated 2008-05-19
A frame injection attack is an attack on Internet Explorer 5, Internet Explorer 6 and Internet Explorer 7 to load arbitrary code in the browser. [1] This attack is caused by Internet Explorer not checking the destination of the resulting frame, [2] therefore allowing arbitrary code such as JavaScript or VBScript. This also happens when code gets injected through frames due to scripts not validating their input. [3] This other type of frame injection affects all browsers and scripts that do not validate untrusted input. [4]
Updated 2008-05-19