Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)
Yes, that is true. This is precisely why this is not such a big deal
for us, although it may be for people running Windows...
Jim Michael <genepool@netcom.com> writes:
> On 19 Jun 1997, John Goerzen wrote:
>
> > Let's not over-react, please. This bug *only* allows people to see
> > files that the user running Netscape has access to, and *only* if it
> > already knows the names of these files. On a Debian 1.3 machine,
> > which uses shadow passwords, essentially the only thing that would be
> > of use for people would be files in your home directory. And since
> > there are no predictable patterns for these files, it would be
> > difficult to construct a web page that would cause serious harm.
>
> NT and Win95 users are at risk since the OS is typically loaded into the
> default directories and files such as those containing passwords are
> susceptible to being accessed. Recommendation from NS is to turn off Java
> Script and set the warn of sending secure data option until the patched
> versions are released.
>
> Cheers,
>
> Jim
>
--
John Goerzen | Running Debian GNU/Linux (www.debian.org)
Custom Programming |
jgoerzen@complete.org |
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: