[82] in Best-of-Security
BoS: Re: SERIOUS HOLE IN NETSCAPE/SHOCKWAVE
daemon@ATHENA.MIT.EDU (Russ)
Mon Mar 17 07:37:26 1997
Date: Sun, 16 Mar 1997 18:29:53 -0500
Reply-To: Windows NT BugTraq Mailing List <NTBUGTRAQ@RC.ON.CA>,
Russ <Russ.Cooper@RC.ON.CA>
From: Russ <Russ.Cooper@RC.ON.CA>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
Its important to point out that so far the exploit is limited to reading
email which the browser can read, so if you use a separate mail client
rather than your browser, there's no indication that Shockwave can have
any access to it.
Cheers,
Russ
R.C. Consulting, Inc. - NT/Internet Security
NTBugTraq mailing list:
Send SUBSCRIBE NTBUGTRAQ Yourname to Listserv@rc.on.ca
> ----------
> From:
> ntsecurity@THEPENTAGON.COM[SMTP:ntsecurity@THEPENTAGON.COM]
> Reply To: Windows NT BugTraq Mailing
> List;ntsecurity@THEPENTAGON.COM
> Sent: Friday, March 14, 1997 4:16 PM
> To: NTBUGTRAQ@RC.ON.CA
> Subject: SERIOUS HOLE IN NETSCAPE/SHOCKWAVE
> Importance: High
>
> A new security was found in Netscape browsers, and possibly affects IE
> users as well.
> Shockwave lets a person read a user's email, and forward it out to
> places on the net at will - and
> according to one person, it looks like Java may allow this same thing
> to happen as well.
>
> I've mirrored the original page here due to traffic loads over there:
> http://www.ntshop.net/security/shockwave.htm
>
> and the original post is here: http://www.webcomics.com/shockwave
>
> MJE
>
