[10725] in bugtraq


Netscape Communicator code injection in JavaScript console using

daemon@ATHENA.MIT.EDU (Georgi Guninski)
Sun Jun 6 12:56:45 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Message-Id: <375A4A2C.3BA53431@nat.bg>
Date: 	Sun, 6 Jun 1999 13:15:08 +0300
Reply-To: Georgi Guninski <joro@NAT.BG>
From: Georgi Guninski <joro@NAT.BG>
To: BUGTRAQ@NETSPACE.ORG

There is a bug in Netscape Communicator 4.6 Win95, 4.07 Linux (probably
all 4.x are affected), which allows sniffing URLs from another window.
The problem is the injection of JavaScript code in the JavaScript
console using the "view-source:" protocol.
Access to document.links is disallowed in NC 4.6, but the document may
be read using find().
For more information, examine the source.

Workaround: Disable JavaScript.

Demonstration is available at: http://www.nat.bg/~joro/viewtrack.html

Regards,
Georgi Guninski
 http://www.nat.bg/~joro
 http://www.whitehats.com/guninski
