[3320] in WWW Security List Archive
Re:Java Script
daemon@ATHENA.MIT.EDU (Francesco Iannuzzelli)
Mon Oct 21 22:32:47 1996
From: "Francesco Iannuzzelli" <ianosh@mv.itline.it>
To: www-security@ns2.rutgers.edu
Date: Tue, 22 Oct 1996 01:19:26 +0000
Errors-To: owner-www-security@ns2.rutgers.edu
Yes, the bug is present, only in Netscape 3.0.
Don't believe? Go to my homepage (in the signature) and enter the
Java-Jive page; you will see it at work!
In that page there are also some cookies but they are not involved
in this "feature".
Whenever you enter the page, an e-mail is sent to me without asking
you for permission; the message I'll receive will include the address
(user and smtp server) you've specified in Netscape preferences.
Settings about alerts don't work with this bug.
The only way you can realize what's happening is the presence of a
button in the page (it could be hidden...) and the status bar showing
the connection with your mail server (it could be hidden too...).
This works only in Netscape 3.0, in 3.01 the user is alerted before.
You can get the javascript code if you want, I found it somewhere else
on the web and rearranged it.
Bye!
PS
Don't worry, I'll not preserve the messages sent to me in this
"buggy" way, I'm not interested in collecting e-mail addresses...
_) |
| _` | __ \ _ \ __| __ \ Francesco Iannuzzelli
| ( | | | ( |\__ \ | | | ianosh@mv.itline.it
_|\__,_|_| _|\___/ ____/_| |_| PGP keyID: 0xE01BCA6D
======================================================
HomePage: http://www.geocities.com/CapeCanaveral/4016/
<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>
"Gli dei sono dalla nostra parte,
ma ora noi, noi dobbiamo fare la nostra parte"
