Subject: Private message to Doruk Fisek
From: Koray Sonmezsoy (koray.sonmezsoy@cumhuriyet.com.tr)
Date: Sat 04 Dec 1999 - 15:04:55 EET
Just read it.
Date: Tue, 1 Jun 1999 19:08:49 +0300
There is a security vulnerability in Netscape Communicator 4.6 Win95,
4.07 Linux (probably all 4.x versions) in the way it works with
"view-source:wysiwyg://1/javascript" URLs. It parses them in a
"view-source" window. The problem is that it allows access to documents
included in the parent document via ILAYER SRC="view-source:wysiwyg://1/"
using find(). That allows reading the whole parsed document.
Vulnerabilities:
Browsing local directories
Reading user's cache
Reading parsed HTML files
Reading Netscape's configuration ("about:config") including user's email address, mail servers and password.
Probably others
List archive address: http://listweb.bilkent.edu.tr/
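
An added example, not part of the forwarded advisory: a content-filter check in Python that flags embedding elements whose SRC uses the "view-source:" or "wysiwyg:" pseudo-schemes the advisory describes. The tags other than ILAYER, the function and class names, and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that load a sub-document into the parent page. The advisory names
# ILAYER; the other tags are an assumption added for coverage.
EMBED_TAGS = {"ilayer", "layer", "iframe", "frame"}
# Browser-internal pseudo-schemes from the advisory's URL.
INTERNAL_SCHEMES = ("view-source:", "wysiwyg:")


def normalize(url):
    """Drop whitespace/control characters and lowercase the value, so that
    ' View-Source:' is compared the same way as 'view-source:'."""
    return "".join(ch for ch in (url or "") if ch > " ").lower()


class EmbedScanner(HTMLParser):
    """Collects (line, tag, src) for embeds that point at an internal scheme."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases tag and attribute names.
        if tag not in EMBED_TAGS:
            return
        for name, value in attrs:
            if name == "src" and normalize(value).startswith(INTERNAL_SCHEMES):
                self.findings.append((self.getpos()[0], tag, value))


def scan(html):
    """Return the findings for one HTML document given as a string."""
    scanner = EmbedScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: one ordinary embed, two suspicious ones, and a plain
# link that is not an embed and therefore is not reported.
SAMPLE = """<html><body>
<iframe src="/news.html"></iframe>
<ILAYER SRC="view-source:wysiwyg://1/"></ILAYER>
<layer src=" Wysiwyg://1/"></layer>
<a href="view-source:http://example.test/">link</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, src in scan(SAMPLE):
        print(f"line {line}: <{tag}> embeds internal URL {src!r}")
```
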