Bugtraq mailing list archives
Re: more Netscape 4.07 javascript security
From: peterw () CLARK NET (Peter W)
Date: Sun, 11 Oct 1998 18:12:18 -0400
On Thu, 8 Oct 1998, Max Vision wrote:
I've found that the best interim fix is to clear your cache, and then set both disk and memory cache sizes to zero. If you don't like this then you have alternatives:
UNIX users should also consider running a local caching proxy server like Squid. Then you can set the browser's cache sizes to zero with minimal problems. This also helps limit the amount of cache disk space needed if you have more than one user; no longer will each person cache their own set of Slashdot graphics. And obviously this would also help with all the cache exploit problems that have crept up from time to time with both Navigator and MSIE. Users already behind proxy servers (e.g. at work) might see only a slight performance hit for going "cacheless" though the proxy logs may show more activity from your workstation. That would be a "job security" issue then... -Peter Squid can be got from http://squid.nlanr.net/Squid/
Current thread:
- Computer Security Day (DISC 98) in Mexico, (continued)
- Computer Security Day (DISC 98) in Mexico Area de Seguridad en Computo (Oct 12)
- Re: Redhat man exploit Mike (Oct 12)
- Possible login name leak on SunOS 5.6 Pete Krawczyk (Oct 12)
- Re: Redhat man exploit John Brahy (Oct 09)
- Overflow in zgv-4.1? onix (Oct 07)
- Re: Overflow in zgv-4.1? Paul Boehm (Oct 09)
- The Cuartango Security Hole in IE4 Aleph One (Oct 12)
- SCO Openserver 5.0.5 syn-floodable Eric (Oct 08)
- Re: linux 2.0.35 ip aliasing with aliased hwaddr pedward () WEBCOM COM (Oct 08)
- more Netscape 4.07 javascript security Max Vision (Oct 08)
- Re: more Netscape 4.07 javascript security Peter W (Oct 11)
- Another Netscape 4.07 cache reading bug Georgi Guninski (Oct 08)
- Re: Another Netscape 4.07 cache reading bug Ken Williams (Oct 08)