[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: BIG NetScape Bug!!!!!!!!!!!!!!!!1 (fwd)

Yes, that is true.  This is precisely why this is not such a big deal
for us, although it may be for people running Windows...

Jim Michael <genepool@netcom.com> writes:

> On 19 Jun 1997, John Goerzen wrote:
> 
> > Let's not over-react, please.  This bug *only* allows people to see
> > files that the user running Netscape has access to, and *only* if it
> > already knows the names of these files.  On a Debian 1.3 machine,
> > which uses shadow passwords, essentially the only thing that would be
> > of use for people would be files in your home directory.  And since
> > there are no predictable patterns for these files, it would be
> > difficult to construct a web page that would cause serious harm.
> 
> NT and Win95 users are at risk since the OS is typically loaded into the 
> default directories and files such as those containing passwords are 
> susceptible to being accessed. Recommendation from NS is to turn off Java 
> Script and set the warn of sending secure data option until the patched 
> versions are released.
> 
> Cheers,
> 
> Jim
> 

-- 
John Goerzen          | Running Debian GNU/Linux (www.debian.org)
Custom Programming    | 
jgoerzen@complete.org | 


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .
Reply to: