[3306] in WWW Security List Archive
Re: Java Script
daemon@ATHENA.MIT.EDU (kanzie)
Sun Oct 20 08:57:46 1996
Date: Sun, 20 Oct 1996 12:04:44 +0200 (MET DST)
From: kanzie <kanzie@wargentin.ostersund.se>
To: Royans K Tharakan <rkt@poboxes.com>
cc: www-security <www-security@ns2.rutgers.edu>
In-Reply-To: <3.0b35.32.19960419023922.006a67f0@arbornet.org>
Errors-To: owner-www-security@ns2.rutgers.edu
On Fri, 19 Apr 1996, Royans K Tharakan wrote:
> Hi,
>
> Many of you must be knowing that there is a security bug in Netscape which
> allows the web page to send an E-Mail (and address goes along with it)
> without warning the user.
>
> I haven't tested it out yet... but it seems to be present in only Netscape
> 3.0.
>
> Could someone elaborate on this. I know how to do it... but I don't know
> which all browsers are at risk.
>
>
Hello!
This was a "bug" ? in NE2.0 which they tried to fix with the 2.01 -
2.02 patches! I am very concerned to here more about this bug when I
think that this is a big sequrity-flaw! How did you dicouver it and is it
still the post command that fails?!
//Christian
