[3311] in WWW Security List Archive
Re:Java Script
daemon@ATHENA.MIT.EDU (David Ray)
Sun Oct 20 16:45:40 1996
Date: Sun, 20 Oct 1996 11:17:23 -0700
To: www-security@ns2.rutgers.edu
From: daver@idiom.com (David Ray)
Cc: Royans K Tharakan <rkt@poboxes.com>
Errors-To: owner-www-security@ns2.rutgers.edu
At 8:31 AM 4/19/96, Royans K Tharakan wrote:
> Many of you must be knowing that there is a security bug in Netscape which
> allows the web page to send an E-Mail (and address goes along with it)
> without warning the user.
No, this is not correct. This bug existed in the short-lived Netscape
version 2.0 which was replaced by version 2.0.1 a long time ago (in Web
years).
All versions of Netscape since then put up a dialog box asking the user if
they are sure they want to send their email message, before it is sent.
I haven't tried it on MSIE, but I know all supported versions of Netscape
are free of this bug.
-Dave
