[1568] in WWW Security List Archive
Re: UPDATE: Security holes in JavaScript/Netscape 2.0
daemon@ATHENA.MIT.EDU (John Robert LoVerso)
Fri Mar 1 12:48:36 1996
To: Lincoln Stein <lstein@kaa.crbm.cnrs-mop.fr>
Cc: www-security@ns2.rutgers.edu, www-managers@lists.stanford.edu,
eric.hammond@sdrc.com (Eric Hammond),
Malcolm Humes <mhumes@tenetwork.com>,
Jeff Weinstein <jsw@netscape.com>, lstein@pico.crbm.cnrs-mop.fr
In-reply-to: Message from Lincoln Stein <lstein@kaa.crbm.cnrs-mop.fr>
<199603011407.PAA04441@pico.crbm.cnrs-mop.fr> .
Date: Fri, 01 Mar 96 09:11:25 -0500
From: John Robert LoVerso <loverso@osf.org>
Errors-To: owner-www-security@ns2.rutgers.edu
Please note that Netscape has (informally) announced plans for the
imminent release of 2.01 that will fix the three problems you list
as being present in 2.0.
See: snews://secnews.netscape.com/31367495.7AAE@atm.mcom.com
John
p.s.:
Note that I haven't seen a version string of 2.01 pop up yet, but a
quick grep of my tracking log shows I've been visited by Navigator's
claiming to be:
Mozilla/2.1b1
Mozilla/3.0B1
Mozilla/2.0JavaB1 (Mac PPC)
all which allow "tracking".
However, I just noticed this one from yester:
Mozilla/2.1a0
which sent several empty query strings. However, it sent them to two
different hosts here at OSF.
