Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)

To: John Goerzen <jgoerzen@complete.org>
Cc: George Bonser <grep@oriole.sbay.org>, debian-user@lists.debian.org
Subject: Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)
From: Jim Michael <genepool@netcom.com>
Date: Fri, 20 Jun 1997 04:10:12 -0700 (PDT)
Message-id: <[🔎] Pine.3.89.9706200429.A17475-0100000@netcom13>
In-reply-to: <[🔎] 87zpsmui18.fsf@glockenspiel.complete.org>

On 19 Jun 1997, John Goerzen wrote:

> Let's not over-react, please.  This bug *only* allows people to see
> files that the user running Netscape has access to, and *only* if it
> already knows the names of these files.  On a Debian 1.3 machine,
> which uses shadow passwords, essentially the only thing that would be
> of use for people would be files in your home directory.  And since
> there are no predictable patterns for these files, it would be
> difficult to construct a web page that would cause serious harm.

NT and Win95 users are at risk since the OS is typically loaded into the 
default directories and files such as those containing passwords are 
susceptible to being accessed. Recommendation from NS is to turn off Java 
Script and set the warn of sending secure data option until the patched 
versions are released.

Cheers,

Jim

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)
  - From: Rick Hawkins <rhawkins@iastate.edu>
- Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)
  - From: John Goerzen <jgoerzen@complete.org>

References:
- Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)
  - From: John Goerzen <jgoerzen@complete.org>

Prev by Date: Mail Archives Stopped?
Next by Date: Re: Boot linux from two linux partition
Previous by thread: Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)
Next by thread: Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)
Index(es):
- Date
- Thread