Re: SECURITY.NNOV: Netscape 4.7x Messanger user information retrival
From: Mads Peter Bach <mpb () bugtraq logout sh>
Date: Wed, 06 Jun 2001 06:34:58 +0200
Netscape Messenger uses an internal protocol called mailbox://. The
format of mailbox URI is
this URI contains full path to user's mailbox which usually contains
user's login name and in case of Windows 9x - the path to Netscape
installation. It's impossible to determine this location from
It's possible to retrieve mailbox:// URI of the message. E.g., it's
possible to retrieve mailbox location, user's system login and in some
cases path to Netscape installation.
This vulnerability only affects the user's local (on the client machine) mailbox. If a user keeps his mail on an IMAP server, the referer will show up as an IMAP:// URL.
Workaround: Don't use POP3, and keep your mail on an IMAP server.
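
An added example, not part of the original post or the advisory: a header filter, of the kind an outbound proxy could apply, that drops any Referer whose scheme is not http or https so that a mailbox:// (or IMAP://) URI never reaches a remote web server. The function names and sample values are assumptions made for illustration; the sample mailbox:// value is a placeholder, since only the scheme is inspected.

```python
from urllib.parse import urlsplit

# Schemes a web server legitimately expects in a Referer header.
WEB_SCHEMES = {"http", "https"}


def referer_scheme(value):
    """Return the lower-cased URI scheme of a Referer value, or '' if none."""
    try:
        return urlsplit(value.strip()).scheme.lower()
    except ValueError:  # malformed authority part, treat as having no scheme
        return ""


def scrub_referer(headers):
    """Return (clean_headers, dropped) for a list of (name, value) pairs.

    Any Referer whose scheme is not http/https is removed, so a local
    mail-store URI does not leave the network. Header names are matched
    case-insensitively; other headers pass through unchanged and in order.
    """
    clean, dropped = [], []
    for name, value in headers:
        if name.lower() == "referer":
            scheme = referer_scheme(value)
            if scheme not in WEB_SCHEMES:
                dropped.append(scheme or "(none)")
                continue
        clean.append((name, value))
    return clean, dropped


# Constructed request headers; the mailbox:// path is a placeholder.
SAMPLE = [
    ("Host", "www.example.test"),
    ("referer", "mailbox:///PLACEHOLDER/local/path/Inbox"),
    ("User-Agent", "Mozilla/4.7"),
]

if __name__ == "__main__":
    clean, dropped = scrub_referer(SAMPLE)
    print("forwarded:", clean)
    print("dropped Referer schemes:", dropped)
```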