[1566] in WWW Security List Archive
Re: JavaScript to grab e-mail
daemon@ATHENA.MIT.EDU (Lincoln Stein)
Fri Mar 1 12:48:34 1996
Date: Fri, 1 Mar 1996 14:36:34 +0100
From: Lincoln Stein <lstein@kaa.crbm.cnrs-mop.fr>
To: jsw@netscape.com
Cc: www-security@ns2.rutgers.edu, www-managers@lists.stanford.edu
In-Reply-To: <31360321.D04@netscape.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Jeff,
You're right. I must have been using a beta netscape when I viewed
the first of the two examples. The cache/history bug is fixed;
however, the "spy window" bug is still with us.
I'm amending the Security FAQ now to reflect these corrections.
Lincoln
Jeff Weinstein writes:
> Lincoln Stein wrote:
> >
> > > > Wow! These are extremely frightening demonstrations. Apparently it
> > > > is possible to:
> > > >
> > > > 1. Capture the user's cache and history
> > >
> > > You can not capture a user's cache and history in 2.0. These were bugs
> > > during the beta cycle that have long since been fixed.
> >
> > Oddly enough, the demos still work in 2.0.
>
> Are you sure that you are running the final 2.0? I tried it on unix and
> windows, and the cache and history ones don't work. The 'result' window
> just says 'Loading...' and never fills in.
>
> --Jeff
>
> --
> Jeff Weinstein - Electronic Munitions Specialist
> Netscape Communication Corporation
> jsw@netscape.com - http://home.netscape.com/people/jsw
> Any opinions expressed above are mine.
>
