Bugtraq mailing list archives

Another Netscape 4.07 cache reading bug

From: guninski () USA NET (Georgi Guninski)
Date: Thu, 8 Oct 1998 22:20:19 -0400


I have found a new bug in Netscape Communicator 4.07, 4.05 (probably others),
which allows reading the user's cache (the URLs the user has visited, including the info in GET forms).
The bug uses Javascript - a link to 'about:<SCRIPT>...javascript code...</SCRIPT>' does the work.

A demo is available at: http://www.freeyellow.com/members5/guninski/ncache.html

Part of the code is borrowed from Dan Brumleve <nothing () shout net>, for better goodies see:
http://www.shout.net/~nothing/son-of-cache-cow/index.html
Workaround: Disable Javascript.

Regards,
Georgi Guninski


____________________________________________________________________
Get free e-mail and a permanent address at http://www.netaddress.com/?N=1

Current thread:

Re: Redhat man exploit, (continued)
- - - Re: Redhat man exploit Mike (Oct 12)
    - Possible login name leak on SunOS 5.6 Pete Krawczyk (Oct 12)
    - Re: Redhat man exploit John Brahy (Oct 09)
  - Overflow in zgv-4.1? onix (Oct 07)
    - Re: Overflow in zgv-4.1? Paul Boehm (Oct 09)
    - The Cuartango Security Hole in IE4 Aleph One (Oct 12)
  - SCO Openserver 5.0.5 syn-floodable Eric (Oct 08)
  - Re: linux 2.0.35 ip aliasing with aliased hwaddr pedward () WEBCOM COM (Oct 08)
  - more Netscape 4.07 javascript security Max Vision (Oct 08)
    - Re: more Netscape 4.07 javascript security Peter W (Oct 11)
  - Another Netscape 4.07 cache reading bug Georgi Guninski (Oct 08)
    - Re: Another Netscape 4.07 cache reading bug Ken Williams (Oct 08)