"John D. Hardin" wrote: > > On Mon, 24 May 1999, Georgi Guninski wrote: >>snip!<< > > The more dangerous part is that this vulnerability MAY BE EXPLOITED > > USING HTML MAIL MESSAGE. > > ...unless you're sanitizing your email. Anybody using an HTML-enabled > mail client should at least be aware of the availability of this tool: > > ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html > > -- > John Hardin KA7OHZ jhardinat_private Or, just to add the said workaround, if you're only worried about email, Netscape 4.5+ users can just disable JavaScript for Mail and News without disabling JavaScript altoghether. I know there's still the meta refresh factor for HTML-enabled mail clients, though. It would be, IMHO, a good idea for Netscape to add a little "Disable/Enable HTML for Mail Messages" checkbox, don't you think? -Usman Akeju
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:47:17 PDT