[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] JavaScript-in-cookies Netscape security hole
From: Bennett Haselton <bennett () PEACEFIRE ! ORG>
Date: 2000-04-19 15:19:39
[Download RAW message or body]
http://www.peacefire.org/security/jscookies/
If you have cookies and JavaScript turned on in Communicator 4.x, and
you're running a profile named "default" (most Communicator 4.x
installations are set up that way), a malicious Web site can read any HTML
file on your hard drive (including the user's bookmark file and cache files).
CNet has a write-up at:
http://news.cnet.com/news/0-1005-200-1717169.html
-Bennett
bennett@peacefire.org http://www.peacefire.org
(425) 649 9024
ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic