Bugtraq mailing list archives
Re: Is _your_ Netscape under remote control
From: psw () wherry com (Phillip Wherry)
Date: Fri, 24 May 1996 18:01:42 -0400
A couple of messages have appeared on the Bugtraq mailing list concerning the use of X to control a Netscape client. I think there's a fundamental point being missed here: control of the Netscape client is done through X properties and thereby REQUIRES that one already have control of the X server. The situation described (Web server manipulates a Netscape instance remotely) isn't possible unless the server ALREADY has unfettered access to the X server; even if this were true, the attack would be conducted via the X mechanisms and not HTTP. The server-side include example cited wouldn't work, since the program would be executed on the Web server end, not the client (running the X server). Phil -- Phil Wherry - psw () wherry com Phone: +1 703 242-2618; fax +1 703 242-1167
Current thread:
- Re: Denial of Service Attacks INFO, (continued)
- Re: Denial of Service Attacks INFO Matthew Harding (May 23)
- Re: Denial of Service Attacks INFO Fred Cohen (May 23)
- /dev/openprom problems - Solaris 1 or Solaris 2 Matthew Harding (May 24)
- Possible bug in solaris2.4 ? Tequila System Admin (May 24)
- Re: Possible bug in solaris2.4 ? Dave Barr (May 24)
- Re: /dev/openprom problems - Solaris 1 or Solaris 2 Jamie (May 25)
- Re: /dev/openprom problems - Solaris 1 or Solaris 2 Dan Stromberg (May 26)
- Is _your_ Netscape under remote control martinh () mailhost emap co uk (May 24)
- Re: Is _your_ Netscape under remote control Chris Burris (May 24)
- CIAC Bulletin G-25: SUN statd Program Vulnerability David Crawford (May 24)
- Re: Is _your_ Netscape under remote control Phillip Wherry (May 24)
- Re: Is _your_ Netscape under remote control Dave Taylor (May 23)
- Re: Is _your_ Netscape under remote control Darrell Fuhriman (May 24)
- Re: Is _your_ Netscape under remote control Dave Horsfall (May 25)
- Re: Is _your_ Netscape under remote control Wolfgang Ley (May 27)
- Re: Denial of Service Attacks INFO Matthew Harding (May 23)
- Re: Is _your_ Netscape under remote control Sven Neuhaus (May 24)
- Re: Is _your_ Netscape under remote control Roger Espel Llima (May 24)