
Re: Security hole in Netscape 2.0



from: Edupage, 7 March 1996

NEW NETSCAPE NAVIGATOR BUGS DISCOVERED
Two researchers at the Open Software Foundation have discovered a couple of
flaws in Netscape's latest version of its popular Navigator Web-browsing
software, and have received $1,000 each from Netscape for their trouble.
One flaw takes advantage of various loopholes in Netscape's JavaScript
control language, that could allow a Web site to peruse the hard disk drive
of a user browsing the site.  Operators of the Web site could discover the
names of files, but not read the contents.  The other bug allows a Web site
to force a user's machine to send an e-mail message to another computer,
violating the privacy of users who wish to keep their e-mail addresses to
themselves.  Netscape will issue a new version, Navigator 2.01, next week.
(San Jose Mercury News 5 Mar 96)

Edupage is written by John Gehl (gehl _at__ educom.edu) & Suzanne Douglas
(douglas _at__ educom.edu).  Voice:  404-371-1853, Fax: 404-371-8057.  

Technical support is provided by the Office of Information Technology,
University of North Carolina at Chapel Hill.



> ------- Forwarded Message Follows -------
> In tuhh.www, Sebastian Zimmermann <S.Zimmermann _at__ tu-harburg.d400.de>
> wrote:
> 
> Hello!
> In connection with Netscape 2.0 I received the following warning:
> --------------------------------------------------------------------
>  From: cip230 _at__ cip.physik.uni-wuerzburg.de (Stefan Keller)
>  Newsgroups: de.org.ccc
>  Subject: Javascript sends mail in your name
>  Date: 3 Mar 1996 19:28:13 GMT
>  Organization: CipPool der Physikalischen Institute, Uni Wuerzburg
>  Lines: 25
>  Message-ID: <4hcrsd$5c1 _at__ winx03.informatik.uni-wuerzburg.de>
>  NNTP-Posting-Host: wpax10.physik.uni-wuerzburg.de
> 
>  Hello...
> 
>  Take a look at
>        http://cip.physik.uni-wuerzburg.de/~cip230/nettest.html
> 
>  If the page is viewed with Netscape 2.0, a JavaScript
>  automatically (i.e. WITHOUT your consent) sends an email
>  (from your account, with your name)
>  to the address set in the script (currently to me; on the
>  American site where I found it, a protest mail went out
>  to Netscape instead..)
> 
>  Regards,
> 
>  Stefan
> 
> 
>  I copied the script from somewhere in .edu land.
> ---------------------------------------------------------------------
> Ciao
>   Sebastian
> 
> 
> 

----------------------------------------------------------------
 Jens Bleuel  <bleuel _at__ pobox.com>  URL: http://pobox.com/~bleuel
----------------------------------------------------------------


List information at http://www.inetbib.de.