Re: Netscape Communicator JavaScript in <TITLE> security

From: John D. Hardin (jhardinat_private)
Date: Mon May 24 1999 - 10:23:06 PDT

    On Mon, 24 May 1999, Georgi Guninski wrote:
    
    > Vulnerabilities:
    >  * Reading user's cache and accessing information such as passwords,
    > credit card numbers.
    >  * Reading info about the Netscape's configuration ("about:config").
    > This includes finding user's email address, mail servers, the
    > encoded mail password (it must be saved and may be decoded). This
    > allows reading user's email.
    >
    > The more dangerous part is that this vulnerability MAY BE EXPLOITED
    > USING HTML MAIL MESSAGE.
    
    ...unless you're sanitizing your email. Anybody using an HTML-enabled
    mail client should at least be aware of the availability of this tool:
    
      ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
    
    --
     John Hardin KA7OHZ                               jhardinat_private
     pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
     PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
    -----------------------------------------------------------------------
      In the Lion
      the Mighty Lion
      the Zebra sleeps tonight...
      Dee de-ee-ee-ee-ee de de de we um umma way!
    -----------------------------------------------------------------------
       9 days until Crusade: the Babylon Project
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:43 PDT