[1241] in WWW Security List Archive
Re: your mail
daemon@ATHENA.MIT.EDU (Adam Shostack)
Thu Dec 14 22:49:32 1995
From: Adam Shostack <adam@bwh.harvard.edu>
To: mkerr@largnet.uwo.ca (Michael Kerr)
Date: Thu, 14 Dec 1995 20:05:45 -0500 (EST)
Cc: jm@circle-slide.indianapolis.sgi.com, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.SOL.3.90.951213094255.1959A-100000@johns.largnet.uwo.ca> from "Michael Kerr" at Dec 13, 95 09:44:42 am
Errors-To: owner-www-security@ns2.rutgers.edu
This is not correct. (Netscape 2.0beta2, Sunos 4.14). Turn off Java,
go to http://www.tripleg.com.au:80/staff/scott/
The bug that let you do this has been fixed in Beta3, but I'd take
with several grains of salt the assertion you can turn off JavaScript.
Adam
Michael Kerr wrote:
| On Tue, 12 Dec 1995, jon madison wrote:
|
| > anyone know more about the security of java/livescript (mocha, whatever)?
| > i've already heard of a big flaw that was plugged for the latest 2.0beta
| > that would allow a javascript author to save a history of the
| > clients travels on the web. are there any other potential dangers?
| >
| > i really don't like the fact that this java script is not something
| > that cannot be chosen to be turned off by the browser, can be embedded in
| > html pages, etc.
|
| They can. If you go through the Netscape 2.0b Options menu and look under
| Security | General, it gives you the option to turn Java off.
|
| Mike.
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
