[10725] in bugtraq
Netscape Communicator code injection in JavaScript console using
daemon@ATHENA.MIT.EDU (Georgi Guninski)
Sun Jun 6 12:56:45 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Message-Id: <375A4A2C.3BA53431@nat.bg>
Date: Sun, 6 Jun 1999 13:15:08 +0300
Reply-To: Georgi Guninski <joro@NAT.BG>
From: Georgi Guninski <joro@NAT.BG>
To: BUGTRAQ@NETSPACE.ORG
There is a bug in Netscape Communicator 4.6 Win95, 4.07 Linux (probably
all 4.x are affected), which allows sniffing URLs from another window.
The problem is the injection of JavaScript code in the JavaScript
console using the "view-source:" protocol.
Access to document.links is disallowed in NC 4.6, but the document may
be read using find().
For more information, examine the source.
Workaround: Disable Javascript.
Demonstration is available at: http://www.nat.bg/~joro/viewtrack.html
Regards,
Georgi Guninski
http://www.nat.bg/~joro
http://www.whitehats.com/guninski