Bugtraq mailing list archives
Re: Netscape upgrade
From: cprice () ITS TO (Chris Price)
Date: Tue, 16 Mar 1999 11:01:21 -0600
I downloaded and installed Netscape 4.51 and I can still run the Javascript exploit that allows access to my harddrive... Is it just me, or does anyone else see this as a gaping security hole for Netscape 4.5x users...... Chris Keith Young wrote:
FYI... Netscape has released version 4.51 of Communicator. It seems to fix the window spoofing bug ( http://www.geek-girl.com/bugtraq/1999_1/0747.html ), along with the javascript bugs that can be used to read local files from your hard drive. I verifed this by trying the exploits at http://www.whitehats.com/guninski/netscape.htmlFrom their release notes page (http://home.netscape.com/eng/mozilla/4.5/relnotes/windows-4.51.html ) "Fixes to improve security; in particular, the frame-spoofing vulnerability problem ( http://home.netscape.com/products/security/resources/bugs/framespoofing.htm l )has been fixed" You can download version 4.51 at: http://www.netscape.com/download/ --Keith Young -youngk () ttc com
Current thread:
- Netscape upgrade Keith Young (Mar 15)
- <Possible follow-ups>
- Re: Netscape upgrade Chris Price (Mar 16)
- Re: Netscape upgrade Georgi Guninski (Mar 16)