I downloaded and installed Netscape 4.51 and I can still run the Javascript exploit that allows access to my harddrive... Is it just me, or does anyone else see this as a gaping security hole for Netscape 4.5x users...... Chris Keith Young wrote: > FYI... > > Netscape has released version 4.51 of Communicator. It seems to fix the > window spoofing bug ( http://www.geek-girl.com/bugtraq/1999_1/0747.html ), > along with the javascript bugs that can be used to read local files from > your hard drive. I verifed this by trying the exploits at > http://www.whitehats.com/guninski/netscape.html > > >From their release notes page ( > http://home.netscape.com/eng/mozilla/4.5/relnotes/windows-4.51.html ) > "Fixes to improve security; in particular, the frame-spoofing > vulnerability problem ( > http://home.netscape.com/products/security/resources/bugs/framespoofing.htm > l )has been fixed" > > You can download version 4.51 at: > http://www.netscape.com/download/ > > --Keith Young > -youngkat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:39:10 PDT