'[ISN] JavaScript-in-cookies Netscape security hole'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] JavaScript-in-cookies Netscape security hole
From:       Bennett Haselton <bennett () PEACEFIRE ! ORG>
Date:       2000-04-19 15:19:39
[Download RAW message or body]

http://www.peacefire.org/security/jscookies/

If you have cookies and JavaScript turned on in Communicator 4.x, and
you're running a profile named "default" (most Communicator 4.x
installations are set up that way), a malicious Web site can read any HTML
file on your hard drive (including the user's bookmark file and cache files).

CNet has a write-up at:
http://news.cnet.com/news/0-1005-200-1717169.html

        -Bennett

bennett@peacefire.org     http://www.peacefire.org
(425) 649 9024

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic