This may be old stuff, but it surprised me. I was just made aware that when someone clicks on a URL in an incoming message while reading mail in Netscape's reader, at least some versions of Netscape pass Refferer URLs in the following format to the server serving that URL: > mailbox:/pbhrzs0/u5_s0/user_e/e99406/nsmail/Inbox?id=199802152301.AAA10398at_private&number=2159429 > mailbox:/Power%20HD/System%20Folder/Preferences/Netscape%20Users/Brian/Mail/Jean%20Michel%20Jarre?id=19970825211854.31559at_private&number=2 > mailbox:/Harddisk/System%20Folder/Preferences/Netscape%20%C4/Mail/Jarre?id=199803172236.XAA18444at_private&number=307371 > mailbox:/Z|/perso/Mail/Inbox?id=199803172236.XAA18444at_private&number=203034 > mailbox:/home/fklee/nsmail/Inbox?id=199803172236.XAA18444at_private&number=361 Note that in some configurations the user name shows up in the mailbox path, along with information that might be usable for outside intrusions (such as Windows share names), and that the message-ID of the E-mail message shows. Maybe less surprising: It also passes file: URLs including the complete path if you click in a file that's on disk. This also seems to include, at least in some cases, the location of the bookmark file, including path. > file:///c%7C/Program%20Files/Netscape/Users/jurjen_vdbroeck/bookmark.htm This makes me even more happy to be running Junkbuster. -- Rop Gonggrijp <ropat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:47:19 PDT