[628] in linux-security and linux-alert archive
[linux-security] more Java/Netscape holes (fwd)
daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Wed Mar 6 13:01:17 1996
Date: Wed, 6 Mar 1996 11:29:21 -0500
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: linux-security@tarsier.cv.nrao.edu
[Forwarded to me from Ruth Milner at NRAO.]
------- start of forwarded message (RFC 934 encapsulation) -------
Date: Fri, 01 Mar 1996 20:25:14 -0500
From: Jack Decker <jack@novagate.com>
Subject: Java/JavaScript security breaches
If you are running Netscape 2.0 on your system, and are at all concerned
about security or privacy, you should run, not walk to this URL:
http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html
The World Wide Web Security FAQ
Pay special attention to questions 69 through 71. Number 71 in particular
discusses:
* How a JavaScript page could grab a user's e-mail address from Netscape's
preferences dialog and send it across the Internet.
* A script that can open up a small window that continuously monitors the
user's browsing activity, capture the URLs of open documents, and transmit
them to a remote server.
* A script that can obtain recursive directory listings of the user's local
disk and any network disks that happen to be mounted. This information can
be transmitted anywhere in the Internet.
* How the version of JavaScript that was included with beta versions of
Netscape 2.0 contained holes that allow the user's history and cache files
(both of which contain lists of recently-visited URLs) to be captured.
I have not seen any information on this before today, so I suspect that
other Netscape users might want to know about these risks!
------- end -------
Anyone out there looked into any of this? I know it's not Linux
specific, but since so many novice admins are putting Linux systems up
on the net--largely for the purpose of WWW browsing and serving--the
potential for Linux-impacting abuse is quite large.
The most worrying point, to me, is the third one: transmissions of
recursive directory listing from your host to arbitrary remote
locations. I'm wondering, since most of the world still runs Netscape
under MS-Windows, if this hole applies just to that pseudo-OS--or if it
applies to UNIX/Linux as well. The terminology used ("network disks")
sounds somewhat non-UNIXish (since UNIXers usually say "network
filesystems"), so that's why I'm wondering what the scope of the hole
is....
Feedback much appreciated, especially since the net, with Java and the
like, just seems to be begging for more security problems. (As if there
aren't already enough!)
--Up.
P.S. Everyone with any security concerns and WWW involvement should
definitely view the above-listed URL!
