Re: Netscape upgrade

From: Georgi Guninski (guninskiat_private)
Date: Tue Mar 16 1999 - 11:09:41 PST

Next message: Chris Price: "Re: Netscape upgrade"

Previous message: aleph1at_private: "Microsoft Security Bulletin (MS99-009)"
Maybe in reply to: Keith Young: "Netscape upgrade"
Next in thread: Chris Price: "Re: Netscape upgrade"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>FYI...
>
>Netscape has released version 4.51 of Communicator. It seems to fix the
>window spoofing bug ( http://www.geek-girl.com/bugtraq/1999_1/0747.html
),
>along with the javascript bugs that can be used to read local files
from
>your hard drive. I verifed this by trying the exploits at
>http://www.whitehats.com/guninski/netscape.html
>

Netscape Communicator is a great product. Sure, it has great security
improvements. I like and use it. But it does not fix all of the exploits
at http://www.whitehats.com/guninski/netscape.html. I have tested (NC
4.51 Win95) and had some reports that the exploit
http://www.whitehats.com/guninski/nsfind.html (or
http://www.nat.bg/~joro/nsfind.html) still works on Netscape
Communicator 4.51. I would recommend still disabling JavaScript when
browsing untrusted sites.

Excuse me, if I am wrong.

Regards,
Georgi Guninski

Get Your Private, Free Email at http://www.hotmail.com

Next message: Chris Price: "Re: Netscape upgrade"
Previous message: aleph1at_private: "Microsoft Security Bulletin (MS99-009)"
Maybe in reply to: Keith Young: "Netscape upgrade"
Next in thread: Chris Price: "Re: Netscape upgrade"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:39:10 PDT