Bugtraq mailing list archives
Re: Another Netscape 4.07 cache reading bug
From: jkwilli2 () UNITY NCSU EDU (Ken Williams)
Date: Fri, 9 Oct 1998 00:22:12 -0400

On Thu, 8 Oct 1998, Georgi Guninski wrote:

| Date: Thu, 8 Oct 1998 22:20:19 -0400
| From: Georgi Guninski <guninski () USA NET>
| To: BUGTRAQ () netspace org
| Subject: Another Netscape 4.07 cache reading bug
|
| I have found a new bug in Netscape Communicator 4.07, 4.05 (probably others),
| which allows reading the user's cache (the URLs the user has visited, including the info in GET forms).
| The bug uses Javascript - a link to 'about:<SCRIPT>...javascript code...</SCRIPT>' does the work.
|
| A demo is available at: http://www.freeyellow.com/members5/guninski/ncache.html
|
| Part of the code is borrowed from Dan Brumleve <nothing () shout net>, for better goodies see:
| http://www.shout.net/~nothing/son-of-cache-cow/index.html
| Workaround: Disable Javascript.
|
| Regards,
| Georgi Guninski
|
| ____________________________________________________________________
| Get free e-mail and a permanent address at http://www.netaddress.com/?N=1
|

Hello,

Netscape 4.05, 4.07 (and 3.01 and 3.0 Gold) for Solaris 2.51 and for Linux Red Hat 5.0 and 5.1 are NOT vulnerable to this bug.

--
Ken Williams

Packet Storm Security http://www.Genocide2600.com/~tattooman/index.shtml
E.H.A.P. Corporation http://www.ehap.org/ ehap () ehap org info () ehap org
NCSU Comp Sci Dept http://www.csc.ncsu.edu/ jkwilli2 () adm csc ncsu edu
PGP DSS/DH/RSA Keys http://www4.ncsu.edu/~jkwilli2/pgpkey/

__________________________________________________
Get Your Private, Free Email at http://www.nsa.gov