>I have just tested this bug in Netscape 4.5 on a RedHat Linux 5.1 machine, >Kermel 2.0.34 and with minor patching of the java, it is also effective. I >was sucessful in retrieving ANY LOCAL FILE with the World readable >attribute. This includes the /etc/passwd file! In netscape, >Edit>Preferences>Advanced>Disable Javascript in Mail and News will block >this exploit, unless the person has access to your web server. I tried it with Kernel 2.0.35 and Netscape 4.08. java40.jar is 1886016 bytes Okt 13 19:14 All I get is this Message : JavaScript Error: uncaught Java exception netscape/security/AppletSecurityException ("security.checkread: Read of '/tmp/test' not permitted")
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:16 PDT