[1746] in WWW Security List Archive
Re: Capturing E-Mail Address of
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Thu Mar 28 07:09:00 1996
Date: Thu, 28 Mar 1996 01:25:32 -0800
From: Jeff Weinstein <jsw@netscape.com>
Reply-To: jsw@netscape.com
To: Alan Olsen <alano@teleport.com>
CC: "Robert S. Muhlestein" <robertm@teleport.com>,
www-security <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
Alan Olsen wrote:
>
> At 10:08 PM 3/27/96 -0800, Jeff Weinstein wrote:
> >Robert S. Muhlestein wrote:
>
> >> I'm still able to snatch a few email addresses and full names from people
> >> running Netscape 2.x with JavaScript active:
> >
> > The bug is present in 2.0, but is fixed in 2.01.
>
> It is still possible under 2.01 to set up a button that will send mail via a
> ACTION=mailto form. Just sucker the user into pressing the button and you
> will get the address in your mailbox.
>
> It will not be immediate and it will not tie to the current process very
> well, but it will give you nice fodder for spam-like mailings and the like.
That is why we are adding a warning dialog for mailto: form posts in the
next release.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
