mailing list archives
Navigator cookie security
From: oliver () LINEHAM CO NZ (Oliver Lineham)
Date: Sat, 10 Jul 1999 17:08:09 +1200
More on the topic of Navigator cookie security,
You may recall the discovery in December of a cookie bug affecting
virtually all browsers (including Netscape), relating to the cookie domain
Two points with regards to Netscape/Mozilla:
1) The bug report page on netscape.com claims that the bug is fixed from
v4.51 (http://help.netscape.com/kb/client/981231-1.html). This is a lie
(see for yourself)
2) Netscape/Mozilla decided against fixing this security hole, because it
would break Yahoo Mail - who uses sloppy cookie code. Rather than notifying
Yahoo, the fix was simply dropped.
Summary: All Netscape browsers, past, present, and future, have the bug.
You can read the (lengthy) discussion amongst Netscape engineers on this
issue, on http://bugzilla.mozilla.org/show_bug.cgi?id=8743 (contains both
Bugzilla and Bugsplat comments)
As an aside, versions of IE released since Microsoft was notified, do not
exhibit this bug.
As Netscape has not acknowledged my email or bug report from last week,
When I contacted them, they never did respond. At all. The only way I
knew they got the message was when my friend stumbled over the bug report
page on netscape.com, a few weeks later.
v i b e m e d i a http://www.vibe.co.nz/
wellington, new zealand oliver () lineham co nz
phone +64 4 566-0627 facsimile +64 4 570-1900
[LoWNOISE] Lotus Domino ET LoWNOISE (Jul 10)