[8346] in bugtraq
Re: Javascript bug in Netscape Communicator 4.5
daemon@ATHENA.MIT.EDU (Willy TARREAU)
Fri Oct 30 16:34:30 1998
Date: Thu, 29 Oct 1998 11:59:05 +0100
Reply-To: Willy TARREAU <tarreau@AEMIAIF.LIP6.FR>
From: Willy TARREAU <tarreau@AEMIAIF.LIP6.FR>
X-To: guninski@HOTMAIL.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19981028182202.13038.qmail@hotmail.com> from "Georgi Guninski"
at Oct 28, 98 10:22:02 am
>
> There is a bug in Netscape Communicator 4.5, 4.07, 3.04 under Windows 95
> (probably others) which allows reading user's cache (the urls the user
> has
> visited, including the info in GET forms). Reading local directories
> content
> is also allowed. This info may be sent to an arbitrary host.
> The bug may be exploited by email.
it also works under Linux, and probably other Unixes as demonstrated by the
slightly modified copy I've made from your page which can be accessed at :
http://www-miaif.lip6.fr/willy/security/netscape.html
> Workaround: Disable Javascript.
> Regards,
> Georgi Guninski
> http://www.geocities.com/ResearchTriangle/1711/
>
Willy
--
+----------------------------------------------------------------------------+
| Willy Tarreau - tarreau@aemiaif.lip6.fr - http://www-miaif.lip6.fr/willy/ |
| System and Network Engineer at NOVECOM ( France ) - http://www.novecom.fr/ |
| Magistere d'Informatique Appliquee de l'Ile de France ( MIAIF ), Year 1997 |
+----------------------------------------------------------------------------+
