IP: Exploit could expose browser data

Date view Thread view Subject view Author view

From: eugene.leitl@lrz.uni-muenchen.de
Date: Tue Apr 25 2000 - 02:34:46 PDT


(((the bookmarks and cache are free to be mined, for the daring)))

From: Dave Farber <farber@cis.upenn.edu>

>From: golds@mail.com
>
>
>Exploit could expose browser data
>
>A newly discovered Netscape vulnerability could allow Webmasters
>to view a user's bookmarks.
>
> By Margaret Kane, ZDNet News
> UPDATED April 20, 2000 1:49 PM PT
>
> A newly discovered vulnerability in
> Netscape Navigator 4.x could allow a
> Webmaster to view a user's bookmark or
> cache file.
>
> And Microsoft Corp.'s (Nasdaq: MSFT) Internet
> Explorer may have a similar weakness,
> according to several reports.
>
> The trick uses cookies to run JavaScript on a
> user's computer. A Webmaster could redirect
> the user to a page using frames, with one frame
> pointing to the cookie file and another pointing
> to the page the Webmaster wishes to read.
>
><snip>
>http://www.zdnet.com/zdnn/stories/news/0,4586,2553337,00.html
>
>----------
>Note:
>IP-ers might consider a separate bookmark management application that also
>comes with more features than those in the browser (either Netscape or
>IE). I recommend (and use with 3500 bookmarks) a small shareware bookmark
>database called Compass that has a 5 star rating from several download
>sites, and works with Netscape, IE and Opera.
>
>Rich Goldschmidt
>EC Architect / IT Consultant
>golds@mail.com
>


Date view Thread view Subject view Author view

This archive was generated by hypermail 2b29 : Tue Apr 25 2000 - 15:42:20 PDT