[3335] in WWW Security List Archive
Re: Java Script
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Tue Oct 22 21:19:13 1996
Date: Tue, 22 Oct 1996 15:54:21 -0700
From: Jeff Weinstein <jsw@netscape.com>
Reply-To: jsw@netscape.com
To: Royans K Tharakan <rkt@poboxes.com>
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Royans K Tharakan wrote:
>
> Hi,
>
> Many of you must be knowing that there is a security bug in Netscape which
> allows the web page to send an E-Mail (and address goes along with it)
> without warning the user.
>
> I haven't tested it out yet... but it seems to be present in only Netscape
> 3.0.
>
> Could someone elaborate on this. I know how to do it... but I don't know
> which all browsers are at risk.
We found this problem a while ago, and it is fixed in
the 3.01 release. You now get the warning dialog for all
mailto: form submissions.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
