Mike Dion wrote: > Netscape Navigator Version 3.01 is vulnerable too... > I didn't test any other netscape versions... Netscape Navigator/Communicator 4.0.4 seems not to be, and it causes the javascript error "JavaScript Error: illegal URL method 'file:' " > At 04:33 98-09-05 -0400, Georgi Guninski wrote: > >There is a bug in Internet Explorer 3, 4.0, 4.01 (for version information > see Microsoft's info below), > >which allows a specially designed web page to read text or HTML files from > the user's computer > >and send their contents to an arbitrary host, even if the user is behind > firewall. The bug uses Javascript and > >the file name and location must be known. > >Demonstration of this is available at: > http://www.geocities.com/ResearchTriangle/1711/good-read.html > > > >Workaround: Disable Javascript. > >Microsoft has released a patch at: > http://www.microsoft.com/security/bulletins/ms98-013.htm > > > >Georgi Guninski > >http://www.geocities.com/ResearchTriangle/1711 -- 17C1 6CBC 214C EF1E E28D 42FD 2B1E A12A FEF2 25AB (DiffieHellman) Adapt or perish --------- Frank Baxter, Jeffries & Co. shrdluat_private, shrdluat_private, shrdluat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:00 PDT