On Mon, 24 May 1999, Georgi Guninski wrote:

> Vulnerabilities:
> * Reading user's cache and accessing information such as passwords,
>   credit card numbers.
> * Reading info about the Netscape's configuration ("about:config").
>   This includes finding user's email address, mail servers, the
>   encoded mail password (it must be saved and may be decoded). This
>   allows reading user's email.
>
> The more dangerous part is that this vulnerability MAY BE EXPLOITED
> USING HTML MAIL MESSAGE.

...unless you're sanitizing your email. Anybody using an HTML-enabled mail client should at least be aware of the availability of this tool:

ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html

--
John Hardin KA7OHZ jhardinat_private
pgpk -a finger://gonzo.wolfenet.com/jhardin
PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
In the Lion the Mighty Lion the Zebra sleeps tonight...
Dee de-ee-ee-ee-ee de de de we um umma way!
-----------------------------------------------------------------------
9 days until Crusade: the Babylon Project
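
A small illustration of the kind of HTML-mail sanitizing the reply above refers to, added here as an example; it is not code from the linked procmail tool or from either poster. The tag list, the `DEFANGED-` prefix, the function names and the sample message are assumptions of this example.

```python
import re
from email import message_from_string, policy

# Constructed sample: a multipart message whose HTML part carries active content.
SAMPLE = """\
From: sender@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Hello
--b1
Content-Type: text/html; charset="us-ascii"

<html><body onload="run()"><p>Hello</p>
<SCRIPT>window.open("about:config")</SCRIPT>
<a href="javascript:void(0)">link</a></body></html>
--b1--
"""

# Tags that can run or load active content in an HTML-rendering mail client.
TAG_RE = re.compile(r"<(\s*/?\s*)(script|object|embed|applet|iframe|frame|layer|meta|link)\b", re.I)
# Event-handler attributes (onload=, onerror=, ...); deliberately broad, may hit prose.
HANDLER_RE = re.compile(r"(\s)(on[a-z]+\s*=)", re.I)
# Script-capable or browser-internal URL schemes at the start of a quoted/attribute value.
URL_RE = re.compile(r"([\"'=]\s*)(javascript|vbscript|about)(\s*:)", re.I)

def defang_html(html):
    """Rename active constructs so the client sees unknown tags and attributes."""
    html = TAG_RE.sub(r"<\1DEFANGED-\2", html)
    html = HANDLER_RE.sub(r"\1DEFANGED-\2", html)
    return URL_RE.sub(r"\1DEFANGED-\2\3", html)

def sanitize_message(raw):
    """Defang every text/html part of a message; return (message, parts_changed)."""
    msg = message_from_string(raw, policy=policy.default)
    changed = 0
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        original = part.get_content()
        cleaned = defang_html(original)
        if cleaned != original:
            part.set_content(cleaned, subtype="html")  # replaces body, keeps it text/html
            changed += 1
    return msg, changed
```

Pattern-based renaming like this is a conservative filter placed in front of the mail client, not an HTML parser; it over-matches by design and should be run at delivery time, before the message reaches the reader.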