[10627] in bugtraq


Re: Netscape Communicator JavaScript in security</h2>
<h4>daemon@ATHENA.MIT.EDU (Brett Glass)<br>Tue May 25 15:07:24 1999</h4>
<pre>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <4.2.0.37.19990525122917.00d0bcd0@localhost>
Date: Tue, 25 May 1999 12:30:52 -0600
Reply-To: Brett Glass <<A HREF="mailto:brett@LARIAT.ORG">brett@LARIAT.ORG</A>>
From: Brett Glass <<A HREF="mailto:brett@LARIAT.ORG">brett@LARIAT.ORG</A>>
X-To: "John D. Hardin" <jhardin@WOLFENET.COM>
To: <A HREF="mailto:BUGTRAQ@NETSPACE.ORG">BUGTRAQ@NETSPACE.ORG</A>
In-Reply-To: <Pine.LNX.3.96.990524101743.13038F-100000@gypsy.rubyriver.com>

John's recipes are great tools; we recommend them. Only one problem:
Procmail does not work on NetNews. (If this exploit works in mail it
almost certainly works in news.... Scary thought.)

--Brett Glass

At 10:23 AM 5/24/99 -0700, John D. Hardin wrote:
>On Mon, 24 May 1999, Georgi Guninski wrote:
>
> > Vulnerabilities:
> > * Reading user's cache and accessing information such as passwords,
> > credit card numbers.
> > * Reading info about the Netscape's configuration ("about:config").
> > This includes finding user's email address, mail servers, the
> > encoded mail password (it must be saved and may be decoded). This
> > allows reading user's email.
> >
> > The more dangerous part is that this vulnerability MAY BE EXPLOITED
> > USING HTML MAIL MESSAGE.
>
>...unless you're sanitizing your email. Anybody using an HTML-enabled
>mail client should at least be aware of the availability of this tool:
>
> ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
>
>--
> John Hardin KA7OHZ jhardin@wolfenet.com
> pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
> PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
>-----------------------------------------------------------------------
> In the Lion
> the Mighty Lion
> the Zebra sleeps tonight...
> Dee de-ee-ee-ee-ee de de de we um umma way!
>-----------------------------------------------------------------------
> 9 days until Crusade: the Babylon Project
</pre>
</body></html>