There is a bug in Netscape Communicator 4.6 Win95, 4.07 Linux (probably all 4.x are affected), which allows sniffing URLs from another window. The problem is the injection of JavaScript code in the JavaScript console using the "data:" protocol. Access to document.links is disallowed in NC 4.6, but the document may be read using find(). For more information, examine the source. Workaround: Disable Javascript. Demonstration is available at: http://www.nat.bg/~joro/datatrack.html Regards, Georgi Guninski http://www.nat.bg/~joro http://www.whitehats.com/guninski
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:16 PDT