Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Javascript bug in Netscape Communicator 4.5
From: tarreau () AEMIAIF LIP6 FR (Willy TARREAU)
Date: Thu, 29 Oct 1998 11:59:05 +0100



There is a bug in Netscape Communicator 4.5, 4.07, 3.04 under Windows 95
(probably others) which allows reading user's cache (the urls the user
has
visited, including the info in GET forms). Reading local directories
content
is also allowed. This info may be sent to an arbitrary host.
The bug may be exploited by email.

it also works under Linux, and probably other Unixes as demonstrated by the
slightly modified copy I've made from your page which can be accessed at :

  http://www-miaif.lip6.fr/willy/security/netscape.html

Workaround: Disable Javascript.
Regards,
Georgi Guninski
http://www.geocities.com/ResearchTriangle/1711/

                                        Willy

--
+----------------------------------------------------------------------------+
| Willy Tarreau - tarreau () aemiaif lip6 fr - http://www-miaif.lip6.fr/willy/  |
| System and Network Engineer at NOVECOM ( France ) - http://www.novecom.fr/ |
| Magistere d'Informatique Appliquee de l'Ile de France ( MIAIF ), Year 1997 |
+----------------------------------------------------------------------------+



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault