|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Mads Peter Bach (mpb
bugtraq.logout.sh)Date: Tue Jun 05 2001 - 23:34:58 CDT
3APA3A wrote:
[snip]
> Background:
>
> Netscape Messanger uses internal protocol called mailbox://. The
> format of mailbox URI is
>
> mailbox://full_path_to_user_folder?ID=some_message_d&number=somenumber
>
> this URI contains full path to user's mailbox which usually contains
> user's login name and in case of Windows 9x - the path to Netscape
> installation. It's impossible to determine this location from
> javascript inside e-mail message, because Netscape hides
> document.location from javascript.
>
> Problem:
>
> It's possible to retrieve mailbox:// URI of the message. E.g., it's
> possible to retrieve mailbox location, user's system login and in some
> cases path to Netscape installation.
>
This vulnerability only affects the users local (on the client machine) mailbox. If a user keeps his mail on an IMAP server, the the referer will show
up as an IMAP:// url.
Workaround: Don't use POP3, and keep your mail on an IMAP server.
/Mads
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]