[1747] in WWW Security List Archive
Re: Capturing E-Mail Address of
daemon@ATHENA.MIT.EDU (Alan Olsen)
Thu Mar 28 07:10:42 1996
Date: Thu, 28 Mar 1996 01:15:06 -0800
To: jsw@netscape.com, "Robert S. Muhlestein" <robertm@teleport.com>
From: Alan Olsen <alano@teleport.com>
Cc: www-security <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
At 10:08 PM 3/27/96 -0800, Jeff Weinstein wrote:
>Robert S. Muhlestein wrote:
>> I'm still able to snatch a few email addresses and full names from people
>> running Netscape 2.x with JavaScript active:
>
> The bug is present in 2.0, but is fixed in 2.01.
It is still possible under 2.01 to set up a button that will send mail via a
ACTION=mailto form. Just sucker the user into pressing the button and you
will get the address in your mailbox.
It will not be immediate and it will not tie to the current process very
well, but it will give you nice fodder for spam-like mailings and the like.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
`finger -l alano@teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"We had to destroy the Internet in order to save it." - Sen. Exon
