> > There is a bug in Netscape Communicator 4.5, 4.07, 3.04 under Windows 95 > (probably others) which allows reading user's cache (the urls the user > has > visited, including the info in GET forms). Reading local directories > content > is also allowed. This info may be sent to an arbitrary host. > The bug may be exploited by email. it also works under Linux, and probably other Unixes as demonstrated by the slightly modified copy I've made from your page which can be accessed at : http://www-miaif.lip6.fr/willy/security/netscape.html > Workaround: Disable Javascript. > Regards, > Georgi Guninski > http://www.geocities.com/ResearchTriangle/1711/ > Willy -- +----------------------------------------------------------------------------+ | Willy Tarreau - tarreauat_private - http://www-miaif.lip6.fr/willy/ | | System and Network Engineer at NOVECOM ( France ) - http://www.novecom.fr/ | | Magistere d'Informatique Appliquee de l'Ile de France ( MIAIF ), Year 1997 | +----------------------------------------------------------------------------+
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:21:29 PDT