Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Is _your_ Netscape under remote control
From: psw () wherry com (Phillip Wherry)
Date: Fri, 24 May 1996 18:01:42 -0400


A couple of messages have appeared on the Bugtraq mailing list concerning
the use of X to control a Netscape client. I think there's a fundamental
point being missed here: control of the Netscape client is done through X
properties and thereby REQUIRES that one already have control of the X
server.

The situation described (Web server manipulates a Netscape instance
remotely) isn't possible unless the server ALREADY has unfettered access
to the X server; even if this were true, the attack would be conducted via
the X mechanisms and not HTTP. The server-side include example cited
wouldn't work, since the program would be executed on the Web server end,
not the client (running the X server).

Phil

--
Phil Wherry - psw () wherry com
Phone:   +1 703 242-2618; fax +1 703 242-1167



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]