Bugtraq mailing list archives
Netscape Communicator Bug
From: aleph1 () DFW NET (Aleph One)
Date: Fri, 1 Aug 1997 12:44:11 -0500
http://www.iti.gov.sg/iti_people/iti_staff/kcchiang/bug/

Netscape Communicator Bug demonstration

This bug affects Netscape Communicator (even version 4.01a) with Java and JavaScript enabled. I've tested it on Windows 95/NT and Linux.

This bug lets a malicious site achieve the same effects as the recently reported JavaScript bug. However, the mechanism to achieve the effect is different. Unlike the reported JavaScript bug, this exploit doesn't spawn off a separate window, and is thus more "invisible" to the user.

After leaving this page, any web site that you subsequently visit will be captured by this web server. The information you enter into forms will be captured too, but this will sometimes not work (I've no idea why). To view the information captured on you, simply visit http://www.iti.gov.sg/cgi-bin/track.cgi when you're done going to other sites.

You may want to turn off Java/JavaScript until Netscape resolves this bug.

Update

Netscape has confirmed the bug, and has a fix for it. I don't know when the new release will be available (check out their web site).

ZDnet has a report on this bug. You may want to check out their site: http://www5.zdnet.com/zdnn/content/zdnn/0725/zdnn0005.html

Kuo Chiang (kcchiang () iti gov sg)
Assoc Member of Technical Staff, Information Technology Institute (Singapore).

Last modified: Thu Jul 24 16:37:16 SGT 1997