Private Message to Doruk Fisek

---------

Subject: Private Message to Doruk Fisek
From: Koray Sonmezsoy (koray.sonmezsoy@cumhuriyet.com.tr)
Date: Sat 04 Dec 1999 - 15:04:55 EET


Just read it.

                      Date: Tue, 1 Jun 1999 19:08:49 +0300

                      There is a security vulnerability in Netscape Communicator 4.6 Win95, 4.07
                      Linux (probably all 4.x versions) in the way it works with
                      "view-source:wysiwyg://1/javascript" URLs. It parses them in a "view-source"
                      window. The problem is that it allows access to documents included in the
                      parent document via ILAYER SRC="view-source:wysiwyg://1/" using find(). That
                      allows reading the whole parsed document.

                      Vulnerabilities:

                       Browsing local directories
                       Reading user's cache
                       Reading parsed HTML files
                       Reading Netscape's configuration ("about:config") including user's
                       email address, mail servers and password.
                       Probably others

 
 To unsubscribe from the list, send the message
          unsub linux
 to listeci@bilkent.edu.tr.
   Please do not use MIME / HTML / Turkish accented characters for Listeci.
  The address of the list archive: http://listweb.bilkent.edu.tr/


---------

This archive was generated by hypermail 2b25.