Home page logo

bugtraq logo Bugtraq mailing list archives

Communicator exploits
From: fernand.portela () IBM NET (Fernand Portela)
Date: Fri, 10 Apr 1998 14:06:08 +0200

This is a multi-part message in MIME format.
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


A few weeks ago, I've posted in this mailing-list an advisory about
issues in Netscape Communicator. Since a fixed release (4.05) is now
available to users, I think I can publish the exploits themselves.

If you received this mail in Communicator 4.04 or previous (NN2.x and
3.x are not vulnerable), simply click the links in the attached HTML
document for a demonstration of the bugs.

Fernand PORTELA                                               aka Nando
fernand.portela () ibm net                                nando () mygale org
Content-Type: text/html; charset=us-ascii; name="attacks.html"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="attacks.html"

function load_page() {
  w = window.open( '', 'prefs' );
  w.origin = window.document.URL;
<p>Click here
for a demonstration of the first exploit.
<p>Click here
for a demonstration of the second exploit.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]