Re: Netscape 4.51 Upgrade

From: Boyce, Nick (nick.boyceat_private)
Date: Wed Mar 17 1999 - 07:56:27 PST


    Chris Price asked :-
    
    >  Is it just me, or does anyone else see this as a gaping security hole
    >  for Netscape 4.5x users......
    
    Well ...
    
    This was reported by Georgi Guninski in a Bugtraq posting dated
    23rd November 1998, under the subject line "Netscape Communicator 4.5 can
    read local files". A minor debate ensued about whether or not it was a
    serious issue, at the end of which everybody agreed that this was a real
    problem and plenty of exploit JavaScripts had been written, some tailored to
    Windows Netscape and some to Unix Netscape. Ben Collins posted a challenge
    to the list on 25th November 1998 to get someone to create a webpage which
    would read a file called "/test.txt" from his client machine, and Terence C
    Haddock managed to do that later the same day.
    
    The last posting I saw was on 28th November 1998 when Todd Campbell wrote :-
    
    > Does anybody know what Netscape's stance is on this, do they have a
    > timeline?
    
    ... and I thought that was a very good question. I've scoured Netscape's web
    site spaghetti, and can find no announcement one way or another as to
    whether or not they agree there is a problem, or whether they intend to fix
    it.
    
    I think it's pretty damn serious. I think it's pretty weird that Netscape
    don't even comment on the matter, either here or anywhere else. If Netscape
    *has* in fact commented, I'd be grateful if someone could point me to the
    right place.
    
    Nick Boyce
    [ Information Security Manager ]
    Systems Team, EDS Healthcare, Bristol, UK
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:39:15 PDT