[8291] in bugtraq
JavaScript and Netscape 4.5
daemon@ATHENA.MIT.EDU (Jukka Suomela)
Mon Oct 26 13:05:24 1998
Mail-Followup-To: BUGTRAQ@NETSPACE.ORG
Date: Sun, 25 Oct 1998 10:58:52 +0200
Reply-To: Jukka Suomela <jukka-bt@NARNIA.TKY.HUT.FI>
From: Jukka Suomela <jukka-bt@NARNIA.TKY.HUT.FI>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199810240023.UAA04610@smb.research.att.com>; from Steven M.
Bellovin on Fri, Oct 23, 1998 at 08:23:18PM -0400
On Fri, Oct 23, 1998 at 08:23:18PM -0400, Steven M. Bellovin wrote:
> I also have indications that under BSD/OS 4.0, Communicator 4.5 does
> not disable Javascript, no matter what the setting. Can anyone
> confirm that on other platforms? (Not surprisingly, I immediately
> deleted 4.5...)
While I was testing Netscape 4.5PR1 on both Linux and Windows 95, I
found an odd behaviour.
If you disable the JavaScript and restart the browser, the "Enable
JavaScript" check-box is disabled. However, JavaScript still works.
The workaround is to enable JavaScript and then disable it again,
every time after starting the browser.
I sent feedback about this bug to Netscape. 4.5PR2 was still broken on
both platforms. It seems that 4.5 works correctly on the Windows
platform but Linux-glibc2 version is still broken.
IMO this is a security problem: if you disable the JavaScript you
usually think that you aren't vulnerable to any JavaScript related
bugs.
