Bugtraq mailing list archives

It's not over yet.

From: Jim.W.Manley () LMCO COM (Manley, Jim W)
Date: Fri, 11 Jul 1997 05:47:48 -0500


-----BEGIN PGP SIGNED MESSAGE-----

I just finished testing this with Netscape 3.02 and Communicator 4.01.

Netscape 3.02 DID NOT appear to fix the problem demonstrated by
going to sight

                http://www.aleph2.com/tracker/

A couple of things I did note:

1.  If the option to notify the user when submitting a form insecurely
is
selected,
everytime I changed locations, the warning banner appeared in the upper
left
hand corner.

2.  In the tool bar that displays what applications are running, there
was
always
one more Netscape process than I had Netscape window open.

Communicator 4.01 did not seem to be affected by the problem.  After
connecting
to the tracker site, I was able to move around to several other sites
and none
of
the activity was tracked.

Jim Manley
LMTAS

-----BEGIN PGP SIGNATURE-----
Version: 4.5

iQCVAwUBM8VXSOir2CBIaWGxAQFLpAP+On2pDhYv3KHqrEhU3WXn+O4qpnFFUqtx
9AsOLqRHWuLoIbefmz4qAdpKHalczfIm2UFqmqw2CRBQmqajASHo1tYcHxQLL9aK
SYH6zal8E2BVJGutqn/URQFscV7IKanNpQzHRs/4GzQYBXtyTEToWe4RhnStT/Fq
gL3gjSWeyvw=
=oM4N
-----END PGP SIGNATURE-----

----------
From:         Dominick Matthias PN OIL 6
Sent:         Thursday, July 10, 1997 9:54 AM
To:   Manley, Jim W; BUGTRAQ
Subject:      Re: CERT Advisory CA-97.20 - JavaScrip

Has anyone else already tried out Netscape Navigator 3.02? It claims
that it fix the bug found by the Danish company plus the JavaScript
bug
found by Bell labs; PC-world reports that this is the new JavaScript
bug
found by Dan Brumleve
(http://www.pcworld.com/cgi-bin/database/body.pl?ID=970709180417).
While
the fix of the first bug seems to work  I can still reproduce the 2nd
bug by going to the author's page at

I got my version for (German) Windows 95 at

ftp://ftp.netscape.com/pub/navigator/3.02/shipping/english/windows/win
d
ows95_or_nt/navigator_complete/
                n32e302p.exe    [Jul 07  20:21] 5835k

Confused...
-- Matthias

----------

Current thread:

Vulnerability in Glimpse HTTP Razvan Dragomirescu (Jul 02)
- Re: Vulnerability in Glimpse HTTP Brian Gentry (Jul 02)
  - Re: Vulnerability in Glimpse HTTP Jean-Christophe Touvet (Jul 03)
  - Re: Vulnerability in Glimpse HTTP Paul Phillips (Jul 08)
    - Re: Vulnerability in Glimpse HTTP Oliver Friedrichs (Jul 09)
    - CERT Vendor-Initiated Bulletin VB-97.05 - Vul in Lynx Temporary Nicolas Dubee (Jan 01)
    - Re: Vulnerability in Glimpse HTTP Martin Pool (Jul 10)
    - It's not over yet. Aleph One (Jul 11)
    - It's not over yet. Manley, Jim W (Jul 11)
    - More information about JavaScript bug Dominick Matthias PN OIL 6 (Jul 11)
    - new post SP3 hotfix: lm-fix Alex Libenson (Jul 12)
    - Minor PGP vulnerability Harald Weidner (Jul 15)
    - GetAdmin - Hotfix silent release ? Olivier Gerschel (Jul 16)
    - Re: Minor PGP vulnerability Lucky Green (Jul 16)
    - CERT Advisory CA-97.21 - SGI Buffer Overflow Vulnerabilities Aleph One (Jul 17)
    - slight misinformation in CA-97.21 Dave Kormann (Jul 17)
    - msg00234.html brush () SEARCH POL PL (Jul 17)
    - CERT Vendor-Initiated Bulletin VB-97.05 - Vul in Lynx Temporary Aleph One (Jul 16)
    - Sun Security Bulletin #00146 Aleph One (Jul 16)

(Thread continues...)