[390] in WWW Security List Archive
Re: What's the deal ?
daemon@ATHENA.MIT.EDU (jern@spaceaix.jhuapl.edu)
Wed Feb 15 12:31:42 1995
From: jern@spaceaix.jhuapl.edu
To: www-security@ns2.rutgers.edu
Date: Wed, 15 Feb 1995 08:40:11 -0500 (EST)
Cc: hallam@dxal18.cern.ch
In-Reply-To: <95Feb15.113019+0900_met.63660-3+16@dxal18.cern.ch> from "Phillip M. Hallam-Baker" at Feb 15, 95 11:30:10 am
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>
> There was a security bug in a modified version of a browser used by a
> company as part of their software distribution system. This effectively
> had the shell registered as the mime handler for the shell content type.
> Go figure.
Yes... one of the features of Mosaic we experimented with earlier. Worked
well with Macs and Windows. While it might be useful in a closed
environment someone might just load http://who.knows.where/format.exe.
Aka, hugh hole.
bob
