|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISN] JavaScript-in-cookies Netscape security hole
From: Bennett Haselton (bennett
PEACEFIRE.ORG)
Date: Wed Apr 19 2000 - 10:19:39 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.peacefire.org/security/jscookies/
If you have cookies and JavaScript turned on in Communicator 4.x, and
you're running a profile named "default" (most Communicator 4.x
installations are set up that way), a malicious Web site can read any HTML
file on your hard drive (including the user's bookmark file and cache files).
CNet has a write-up at:
http://news.cnet.com/news/0-1005-200-1717169.html
-Bennett
bennettpeacefire.org http://www.peacefire.org
(425) 649 9024
ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]