Bugtraq mailing list archives
Re: Dangerous Java/Netscape Security Hole
From: Art Savelev <asavelev () ENI-NET NET>
Date: Mon, 7 Aug 2000 17:19:08 -0400
Doesn't work in Mozilla M16, kills Netscape 6 Preview 1 (which is M15 look at http://www.mozilla.org/projects/seamonkey/milestones/ ). Works in 4.74 though. ;-) Tested on W2K Pro, no SP1. tkuiper () TOBIT COM wrote:
which versions are affected, even Netscape 6 PRE? Best Regards, Thomas -------- Original Message -------- Subject: Dangerous Java/Netscape Security Hole (07-Aug-2000 9:35) From: dan=security () BRUMLEVE COM To: tkuiper () TOBIT COM Dear BugTraq, I've found some security holes in Java and Netscape that allow arbitrary network access and read-access for local files and directories. As a demonstration I've written Brown Orifice HTTPD, a web server and file sharing tool that runs in Netscape Communicator on all tested platforms. For more information, see: http://www.brumleve.com/BrownOrifice Thomas Kuiper | tkuiper () tobit com | www.tobit.com __ Core Development | ICQ #8345483 | /__/\ Tobit Software | PGP Key on Request | ask your server. \__\/ To: dan=security () BRUMLEVE COM BUGTRAQ () SECURITYFOCUS COM
-- Art Savelev 617-969-7777 http://www.eni-net.com
Current thread:
- Dangerous Java/Netscape Security Hole Dan Brumleve (Aug 07)
- Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole) TAKAGI, Hiromitsu (Aug 08)
- Re: Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole) Michael H. Warfield (Aug 09)
- <Possible follow-ups>
- Re: Dangerous Java/Netscape Security Hole tkuiper (Aug 07)
- Re: Dangerous Java/Netscape Security Hole Michael H. Warfield (Aug 07)
- Re: Dangerous Java/Netscape Security Hole Art Savelev (Aug 08)
- Re: Dangerous Java/Netscape Security Hole Andrew L . Davis (Aug 08)
- Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole) TAKAGI, Hiromitsu (Aug 08)