
View Full Version : The IE back-button attack


spy1
April 18th, 2002, 10:11 AM
Article source: http://www.theregister.co.uk/content/55/24902.html

SecurityFocus post: http://online.securityfocus.com/archive/1/267561

-{ Quote: "Swedish security researcher Andreas Sandblad has discovered that the MS Internet Explorer history list allows JavaScript in the URLs. The code will execute in the same zone as the last URL visited, which in the case of the error page generated by IE is the local computer zone. Thus when an error page is generated, JavaScript can be injected into the history and executed by use of the back button.

To illustrate it, Sandblad created a little script which works nicely...

.
.
." }-

Checkout
April 18th, 2002, 10:33 AM
MicroSoft - at the very heart of Rustworthy Computing.

root
April 18th, 2002, 10:53 AM
M$ has indeed made Internet Security an oxymoron.
I read somewhere lately M$ is coming out with its own line of security programs. PULEEESE!

Jooske
April 20th, 2002, 07:01 AM
Maybe I must now be happy with errors or other reasons why nothing happens on my system when using the back button, no matter on which of the four links mentioned.
Win98SE Dutch / IE 6.0 fully patched.
What do you see then? I just see in the browser bottom line "error in page", which doesn't seem very laughable I guess?