[3325] in WWW Security List Archive
Re:Java Script
daemon@ATHENA.MIT.EDU (Francesco Iannuzzelli)
Tue Oct 22 10:51:56 1996
From: "Francesco Iannuzzelli" <ianosh@mv.itline.it>
To: www-security@ns2.rutgers.edu
Date: Tue, 22 Oct 1996 14:31:59 +0000
Errors-To: owner-www-security@ns2.rutgers.edu
Yes, the bug is present, only in Netscape 3.0.
Don't believe? Go to my homepage (in the signature) and enter the
Java-Jive page; you will see it at work! In that page there are also
some cookies but they are not involved in this "feature".
Whenever you enter the page, an e-mail is sent to me without asking
you for permission; the message I'll receive will include the address
(user and smtp server) you've specified in Netscape preferences.
Settings about alerts don't work with this bug. The only way you can
realize what's happening is the presence of a button in the page (it
could be hidden...) and the status bar showing the connection with
your mail server (it could be hidden too...).
This works only in Netscape 3.0, in 3.01 the user is alerted before.
You can get the javascript code if you want, I found it somewhere
else on the web and rearranged it.
Bye!
PS
Don't worry, I'll not preserve the messages sent to me in this
"buggy" way, I'm not interested in collecting e-mail addresses...
_) |
| _` | __ \ _ \ __| __ \ Francesco Iannuzzelli
| ( | | | ( |\__ \ | | | ianosh@mv.itline.it
_|\__,_|_| _|\___/ ____/_| |_| PGP keyID: 0xE01BCA6D
======================================================
HomePage: http://www.geocities.com/CapeCanaveral/4016/
<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>
"Gli dei sono dalla nostra parte,
ma ora noi, noi dobbiamo fare la nostra parte"
