
Possible Netscape / Mozilla bug



Hi all, I've just resubscribed to this list to ask if anyone can
repeat some odd behaviour I'm seeing with Netscape & Mozilla, and can
suggest which I might file a bug against, if either.  Sorry if this
has been discussed before.


I'm using Woody on a generic system, but I have (as a regular,
non-root user) installed Mozilla 1.0 in my home account.  I also have
the standard netscape (ultimately, package communicator-smotif-477)
installed from Woody for testing purposes.

My problem stems from the Netscape startup script.  This script is
written in such a way that if you have a version of Netscape running,
and you run "netscape" again at the command line, then instead of
loading another version of netscape, it simply opens a new window on
the existing process.  Also, if you run netscape at the command-line,
and you happen to have Mozilla already running, it does the same
thing: instead of running netscape again, it opens a new Mozilla
window for your use.  

(Note: this is very annoying.  If I wanted mozilla, I would have typed
"mozilla", not "netscape".  But that's not the problem.)

The problem is that when you run netscape and it connects to an
existing Mozilla process, it doesn't check which user is running that
existing process.  Worse, Mozilla gives it the window, even if the
user requesting the window is different from the user running Mozilla.


So here is what happens.  I log in as user1 and run mozilla.  Later, I
open a new window and log in there as user2 (using the same machine
and the same DISPLAY).  As user2, I run "netscape" at the
command-line.  Rather than starting netscape, a new window is launched
for user1 from user2's process of Mozilla.

Obviously, this is bad.  Suppose user2 maliciously sets their display
to some other machine, and runs netscape.  Netscape has user1's
Mozilla launch a new window on the remote machine, and user2 has
access to user1's stored passwords etc.


Can anyone else verify this behaviour?  I think this is probably a
netscape bug (it should never have attempted to use another user's
process) and a Mozilla bug (it should never have launched a window for
the other user).  Either that, or it's some sort of misconfiguration on
my part.  Any thoughts?


Gordon

