List: bugtraq
Subject: Re: Netscape Communicator JavaScript in <TITLE>
From: Usman <akeju00 () IONAPREP ! ORG>
Date: 1999-05-26 2:32:25
"John D. Hardin" wrote:
>
> On Mon, 24 May 1999, Georgi Guninski wrote:
>>snip!<<
> > The more dangerous part is that this vulnerability MAY BE EXPLOITED
> > USING HTML MAIL MESSAGE.
>
> ...unless you're sanitizing your email. Anybody using an HTML-enabled
> mail client should at least be aware of the availability of this tool:
>
> ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
>
> --
> John Hardin KA7OHZ jhardin@wolfenet.com
Or, just to add the said workaround, if you're only worried about email,
Netscape 4.5+ users can just disable JavaScript for Mail and News without
disabling JavaScript altogether. I know there's still the meta refresh factor
for HTML-enabled mail clients, though. It would be, IMHO, a good idea for
Netscape to add a little "Disable/Enable HTML for Mail Messages" checkbox, don't
you think?
-Usman Akeju