[1743] in WWW Security List Archive
Re: Capturing E-Mail Address of
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Thu Mar 28 04:13:49 1996
Date: Wed, 27 Mar 1996 22:08:54 -0800
From: Jeff Weinstein <jsw@netscape.com>
Reply-To: jsw@netscape.com
To: "Robert S. Muhlestein" <robertm@teleport.com>
CC: www-security <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
Robert S. Muhlestein wrote:
>
> On 27 Mar 1996, Matthew Lewis wrote:
>
> > >From my HTTP server, what information can be captured, without prompting a
> > user, by a CGI script or Java applet? I am aware of the the information in
> > the log file, but I am interested in any other information that might be sent
> > by a web browser, specifically a user's e-mail address. Any help would be
> > appreciated.
>
> I'm still able to snatch a few email addresses and full names from people
> running Netscape 2.x with JavaScript active:
The bug is present in 2.0, but is fixed in 2.01.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
