Fun_People Archive
18 Mar
Netscape 2.0 JavaScript security flaws


Date: Mon, 18 Mar 96 15:48:04 -0800
From: Peter Langston <psl>
To: Fun_People
Subject: Netscape 2.0 JavaScript security flaws

Forwarded-by: Scott Tinney <spyder@galaxy.galstar.com>

Checkout

http://www.osf.org/~loverso/javascript

tracks visitor's history.lst, logs user's HD dir structure, crashes
Netscape, coder-defined Alerts, etc.  I didn't try them all, but he has
found some interesting uses for JavaScript.  I haven't had time to check it
out w/ 2.01 yet.  I'd like to compile a summary of 2.01 anomalies.  Msg that
follows is where I got the URL.

>This is a copy of a message to ALL from CHRIS LEE
>    Originally posted in conference 0003 - COMPUTER on SBA
>I just saw the following on a local bbs, and checked out the site
>mentioned. Some really interesting stuff there, and should really
>give pause to those who claim browsing the WWW is safe. It might but
>the question is safe for whom?
>***************************************************************************
>
>Msg #:  2302                      I-NET Subboard
> From:  KIRK MUSE                 Sent: 03-06-96 15:28
>   To:  ALL                         Rcvd: 03-06-96 17:31
>   Re:  NETSCAPE 2.0
>
>Before everybody rushes right out and upgrades to 2.0 you may want to
>check out www.osf.org/~loverso/javascript.  If you dont already know
>the author of a web page can download a list of everything on your hard
>drive and even tell what pages you visit after you leave his.  Cool
>isn't it?  Netscape has released patches to prevent this but the
>author of the above mentioned page says and proves that some of their
>patches are BS.  If this is old news my apologies.


prev [=] prev © 1996 Peter Langston []