>FYI... > >Netscape has released version 4.51 of Communicator. It seems to fix the >window spoofing bug ( http://www.geek-girl.com/bugtraq/1999_1/0747.html ), >along with the javascript bugs that can be used to read local files from >your hard drive. I verifed this by trying the exploits at >http://www.whitehats.com/guninski/netscape.html > Netscape Communicator is a great product. Sure, it has great security improvements. I like and use it. But it does not fix all of the exploits at http://www.whitehats.com/guninski/netscape.html. I have tested (NC 4.51 Win95) and had some reports that the exploit http://www.whitehats.com/guninski/nsfind.html (or http://www.nat.bg/~joro/nsfind.html) still works on Netscape Communicator 4.51. I would recommend still disabling JavaScript when browsing untrusted sites. Excuse me, if I am wrong. Regards, Georgi Guninski Get Your Private, Free Email at http://www.hotmail.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:39:10 PDT