[8653] in bugtraq
Re: Netscape Communicator 4.5 can read local files
daemon@ATHENA.MIT.EDU (Todd C. Campbell)
Mon Nov 30 22:55:01 1998
Date: Mon, 30 Nov 1998 10:29:59 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "Todd C. Campbell" <toddc@SERV01.NET-LINK.NET>
X-To: Trev <trev@KICS.BC.CA>
To: BUGTRAQ@NETSPACE.ORG
Trev wrote:
> At 12:48 PM 11/25/98 -0500, Ben Collins wrote:
> >If some one here can setup a webpage, send me the URL, have that page read
> >the file '/test.txt' from my hardrive and then that person send the
> >contents to this list, I will believe. Otherwise I think this whole
> >hysteria over 'unforseen' dangers should stop.
>
> I've whipped up a couple of demos of this bug that send the contents to a
> cgi. There is a windows version that I know works, and a unix version I
> can't test because my linux box is down (it's a hardware thing). This is
> for anyone who has doubts....
>
> http://www.kics.bc.ca/~trev/cgi-bin/test.html (Windoze)
>
> http://www.kics.bc.ca/~trev/cgi-bin/test-unix.html (UNIX)
>
> And yes, it can email it to you if you like :)
>
> Trev
Does anybody know what Netscape's stance is on this, do they have a timeline?
-Todd
