[ILUG] Security hole in Netscape Communicator
Donncha O Caoimh
donncha.ocaoimh at tradesignals.com
Tue Apr 10 13:10:48 IST 2001
http://linuxtoday.com/news_story.php3?ltsn=2001-04-09-011-20-SC
"The Netscape browser does not escape the gif file comment in the image
information page. This allows javascript execution in the "about:"
protocol and can for example be used to upload the History
(about:global) to a webserver."
As this is the browser many of us use, I'm sure this will be of
interest.
Time to disable Javascript again..
Donncha.
More information about the ILUG
mailing list