Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Dangerous Java/Netscape Security Hole

From: Art Savelev <asavelev () ENI-NET NET>
Date: Mon, 7 Aug 2000 17:19:08 -0400
Doesn't work in Mozilla M16, kills Netscape 6 Preview 1 (which is M15
look at http://www.mozilla.org/projects/seamonkey/milestones/ ).
Works in 4.74 though. ;-)

Tested on W2K Pro, no SP1.


tkuiper () TOBIT COM wrote:


which versions are affected, even Netscape 6 PRE?

Best Regards,
Thomas

-------- Original Message --------
Subject: Dangerous Java/Netscape Security Hole (07-Aug-2000 9:35)
From:    dan=security () BRUMLEVE COM
To:      tkuiper () TOBIT COM

Dear BugTraq,

I've found some security holes in Java and Netscape
that allow arbitrary network access and read-access
for local files and directories.  As a demonstration
I've written Brown Orifice HTTPD, a web server and file
sharing tool that runs in Netscape Communicator on all
tested platforms.  For more information, see:

http://www.brumleve.com/BrownOrifice

Thomas Kuiper    | tkuiper () tobit com         | www.tobit.com     __
Core Development | ICQ #8345483              |                  /__/\
Tobit Software   | PGP Key on Request        | ask your server. \__\/

To: dan=security () BRUMLEVE COM
    BUGTRAQ () SECURITYFOCUS COM


--
Art Savelev
617-969-7777
http://www.eni-net.com
Previous By Date Next
Previous By Thread Next

Current thread: