[10622] in bugtraq
Re: Netscape Communicator JavaScript in security</h2>
<h4>daemon@ATHENA.MIT.EDU (John D. Hardin)<br>Tue May 25 13:40:52 1999</h4>
<pre>Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.3.96.990524101743.13038F-100000@gypsy.rubyriver.com>
Date: Mon, 24 May 1999 10:23:06 -0700
Reply-To: "John D. Hardin" <<A HREF="mailto:jhardin@WOLFENET.COM">jhardin@WOLFENET.COM</A>>
From: "John D. Hardin" <<A HREF="mailto:jhardin@WOLFENET.COM">jhardin@WOLFENET.COM</A>>
X-To: Georgi Guninski <joro@NAT.BG>
To: <A HREF="mailto:BUGTRAQ@NETSPACE.ORG">BUGTRAQ@NETSPACE.ORG</A>
In-Reply-To: <374936DD.77EC04C9@nat.bg>
On Mon, 24 May 1999, Georgi Guninski wrote:
> Vulnerabilities:
> * Reading user's cache and accessing information such as passwords,
> credit card numbers.
> * Reading info about the Netscape's configuration ("about:config").
> This includes finding user's email address, mail servers, the
> encoded mail password (it must me saved and may be decoded). This
> allows reading user's email.
>
> The more dangerous part is that this vulnerability MAY BE EXPLOITED
> USING HTML MAIL MESSAGE.
...unless you're sanitizing your email. Anybody using an HTML-enabled
mail client should at least be aware of the availability of this tool:
ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
--
John Hardin KA7OHZ jhardin@wolfenet.com
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
In the Lion
the Mighty Lion
the Zebra sleeps tonight...
Dee de-ee-ee-ee-ee de de de we um umma way!
-----------------------------------------------------------------------
9 days until Crusade: the Babylon Project
</pre>
<hr>
<table border=0 cellspacing=0 cellpadding=1>
<tr align=center valign=center>
<td width=44><a href="/"><img src="/images/i-d.gif" alt="" width=40 height=40></a></td>
<td width=44><a href="/help.html"><img src="/images/i-help.gif" alt="" width=40 height=40></a></td>
<td width=44><a href="./?10622"><img src="/images/i-back.gif" alt="" width=40 height=40></a></td>
<td width=44><a href="1"><img src="/images/i-first.gif" alt="" width=40 height=40></a></td>
<td width=44><img src="/images/n-fref.gif" alt="" width=40 height=40></td>
<td width=44><img src="/images/n-pref.gif" alt="" width=40 height=40></td>
<td width=44><a href="10621"><img src="/images/i-prev.gif" alt="" width=40 height=40></a></td>
<td width=44><a href="10623"><img src="/images/i-next.gif" alt="" width=40 height=40></a></td>
<td width=44><a href="10627"><img src="/images/i-nref.gif" alt="" width=40 height=40></a></td>
<td width=44><a href="10640"><img src="/images/i-lref.gif" alt="" width=40 height=40></a></td>
<td width=44><a href="42493"><img src="/images/i-last.gif" alt="" width=40 height=40></a></td>
<td width=44><img src="/images/n-post.gif" alt="" width=40 height=40></td>
</tr><tr align=center valign=center><td><a href="/">home</a></td>
<td><a href="/help.html">help</a></td>
<td><a href="./?10622">back</a></td>
<td><a href="1">first</a></td>
<td>fref</td>
<td>pref</td>
<td><a href="10621">prev</a></td>
<td><a href="10623">next</a></td>
<td><a href="10627">nref</a></td>
<td><a href="10640">lref</a></td>
<td><a href="42493">last</a></td>
<td>post</td>
</tr></table>
</body></html>
