[9937] in bugtraq
Re: Netscape upgrade
daemon@ATHENA.MIT.EDU (Georgi Guninski)
Wed Mar 17 01:17:11 1999
Date: Tue, 16 Mar 1999 11:09:41 PST
Reply-To: Georgi Guninski <guninski@HOTMAIL.COM>
From: Georgi Guninski <guninski@HOTMAIL.COM>
X-To: youngk@TTC.COM
To: BUGTRAQ@NETSPACE.ORG
>FYI...
>
>Netscape has released version 4.51 of Communicator. It seems to fix the
>window spoofing bug ( http://www.geek-girl.com/bugtraq/1999_1/0747.html
),
>along with the javascript bugs that can be used to read local files
from
>your hard drive. I verifed this by trying the exploits at
>http://www.whitehats.com/guninski/netscape.html
>
Netscape Communicator is a great product. Sure, it has great security
improvements. I like and use it. But it does not fix all of the exploits
at http://www.whitehats.com/guninski/netscape.html. I have tested (NC
4.51 Win95) and had some reports that the exploit
http://www.whitehats.com/guninski/nsfind.html (or
http://www.nat.bg/~joro/nsfind.html) still works on Netscape
Communicator 4.51. I would recommend still disabling JavaScript when
browsing untrusted sites.
Excuse me, if I am wrong.
Regards,
Georgi Guninski
Get Your Private, Free Email at http://www.hotmail.com
