Re: Potential disclosure of sensitive information in Netscape 7.0 email client

From: Markus Gaugusch (markusat_private)
Date: Sat Jan 04 2003 - 10:37:27 PST

Next message: D4rkGr3y: "[VulnWatch] CuteFTP: buffer overflow"

Previous message: D4rkGr3y: "[VulnWatch] AN HTTPd v.1.41e: DoS, CSS, real patch attack"
In reply to: Blud Clot: "Re: Potential disclosure of sensitive information in Netscape 7.0 email client"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jan 2, Blud Clot <bludclotat_private> wrote:
> I noticed this a while ago with netscape 4.x and those versions are
> still vulnerable as well. I've never checked 6.x.

I don't think this is a real vulnerability. The function says "delete" and
not "destroy". We all know, that data can be recovered after deletion.
The docs should be updated a little bit, but people who rely on the delete
features of their email client for security reasons can't be taken
seriously.

Markus Gaugusch
-- 
__________________    /"\
Markus Gaugusch       \ /    ASCII Ribbon Campaign
markusat_private     X     Against HTML Mail
                      / \

Next message: D4rkGr3y: "[VulnWatch] CuteFTP: buffer overflow"
Previous message: D4rkGr3y: "[VulnWatch] AN HTTPd v.1.41e: DoS, CSS, real patch attack"
In reply to: Blud Clot: "Re: Potential disclosure of sensitive information in Netscape 7.0 email client"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jan 04 2003 - 13:35:58 PST