[10645] in bugtraq
Re: Netscape Communicator JavaScript in </h2>
<h4>daemon@ATHENA.MIT.EDU (Usman)<br>Wed May 26 14:52:52 1999</h4>
<pre>Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <374B5D39.20BA0672@ionaprep.org>
Date: Tue, 25 May 1999 22:32:25 -0400
Reply-To: Usman <<A HREF="mailto:akeju00@IONAPREP.ORG">akeju00@IONAPREP.ORG</A>>
From: Usman <<A HREF="mailto:akeju00@IONAPREP.ORG">akeju00@IONAPREP.ORG</A>>
X-To: "John D. Hardin" <jhardin@WOLFENET.COM>
To: <A HREF="mailto:BUGTRAQ@NETSPACE.ORG">BUGTRAQ@NETSPACE.ORG</A>
"John D. Hardin" wrote:
>
> On Mon, 24 May 1999, Georgi Guninski wrote:
>>snip!<<
> > The more dangerous part is that this vulnerability MAY BE EXPLOITED
> > USING HTML MAIL MESSAGE.
>
> ...unless you're sanitizing your email. Anybody using an HTML-enabled
> mail client should at least be aware of the availability of this tool:
>
> ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
>
> --
> John Hardin KA7OHZ jhardin@wolfenet.com
Or, just to add the said workaround, if you're only worried about email,
Netscape 4.5+ users can just disable JavaScript for Mail and News without
disabling JavaScript altoghether. I know there's still the meta refresh factor
for HTML-enabled mail clients, though. It would be, IMHO, a good idea for
Netscape to add a little "Disable/Enable HTML for Mail Messages" checkbox, don't
you think?
-Usman Akeju
</pre>
<hr>
<table border=0 cellspacing=0 cellpadding=1>
<tr align=center valign=center>
<td width=44><a href="/"><img src="/images/i-d.gif" alt="" width=40 height=40></a></td>
<td width=44><a href="/help.html"><img src="/images/i-help.gif" alt="" width=40 height=40></a></td>
<td width=44><a href="./?10645"><img src="/images/i-back.gif" alt="" width=40 height=40></a></td>
<td width=44><a href="1"><img src="/images/i-first.gif" alt="" width=40 height=40></a></td>
<td width=44><img src="/images/n-fref.gif" alt="" width=40 height=40></td>
<td width=44><img src="/images/n-pref.gif" alt="" width=40 height=40></td>
<td width=44><a href="10644"><img src="/images/i-prev.gif" alt="" width=40 height=40></a></td>
<td width=44><a href="10646"><img src="/images/i-next.gif" alt="" width=40 height=40></a></td>
<td width=44><img src="/images/n-nref.gif" alt="" width=40 height=40></td>
<td width=44><img src="/images/n-lref.gif" alt="" width=40 height=40></td>
<td width=44><a href="42493"><img src="/images/i-last.gif" alt="" width=40 height=40></a></td>
<td width=44><img src="/images/n-post.gif" alt="" width=40 height=40></td>
</tr><tr align=center valign=center><td><a href="/">home</a></td>
<td><a href="/help.html">help</a></td>
<td><a href="./?10645">back</a></td>
<td><a href="1">first</a></td>
<td>fref</td>
<td>pref</td>
<td><a href="10644">prev</a></td>
<td><a href="10646">next</a></td>
<td>nref</td>
<td>lref</td>
<td><a href="42493">last</a></td>
<td>post</td>
</tr></table>
</body></html>
