Linux Today: Linux News On Internet Time.
Search Linux Today
search.internet.com
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Become a Marketplace Partner

internet.commerce
Be a Commerce Partner














The Linux Channel at internet.com
Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

JustTechJobs.com

LinuxToday Newsletters
Subscribe News
Subscribe PR
Subscribe Security

internet.com
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

 







Current Newswire:

Sifting Through Billions and Billions of Bytes

Miro 2.0 - Watch TV Podcasts and Videos in HD

Hands off the Gimp

Course: Using LDAP

Bazaar for Subversion users, part 1 - the basics

Firefox 3.5 - A Really Impressive Release

Linux Migration Guide: Finding Linux Equivalents to Your Favorite Windows Programs

Tiny Core Linux 2.1 Review

5 Top of the Line Twitter Desktop Clients for Linux

SECURITY: How Microsoft benefits from Conficker




Senior Windows Engineer (NC)
Next Step Systems
US-NC-Charlotte

Justtechjobs.com Post A Job | Post A Resume
:BUGTRAQ: Netscape Communicator bookmarks <TITLE> security vulnerability
BUGTRAQ: Netscape Communicator bookmarks <TITLE> security vulnerability
May 24, 1999, 20 :23 UTC (3 Talkback[s]) (4941 reads)

There is a security bug in Netscape Communicator 4.51 Win95, 4.07 Linux (guess all 4.x versions are affected) in the way they handle special bookmarks with JavaScript code in the title.

If you enclose a JavaScript code with <SCRIPT> tags in the <TITLE> tag and bookmark that page, the JavaScript code is written in the local bookmarks file. Then when the bookmarks file is open, the JavaScript code is executed in the security context of a local file - the bookmarks file. The bookmarks file may be open by a script, probably a server redirect or by the user. The bookmarks file name must be known, but it is easily guessed for most dialup users.

Vulnerabilities: reading user's bookmarks, browsing local directories, reading local files (works fine on Linux, probably possible on Windows).

Workaround: Disable JavaScript or do not bookmark untrusted pages.

Demonstration is available at: http://www.nat.bg/~joro/book2.html See attached file for the source. 

Georgi Guninski
 http://www.nat.bg/~joro
 http://www.whitehats.com/guninsk

Index Mode   |   Flat Mode   |   Thread Mode   |   Thread Flat  
  Talkback(s) Name  and Date
that&#39;s what you get with bloatware. ...   that's what you get with bloatware.   
ac
May 24, 1999, 20:48:50  
... to turn OFF JavaScript, seems every ...   Thanks for the reminder...   
Debora Weber-Wulff
May 26, 1999, 04:56:14  
That&#39;s why I use IE for untrusted si ...   Internet Exploder   
Balazs Barany
May 26, 1999, 07:21:19  
  Home | Search Talkbacks | Customize View    Top of Page  



Enter your comments below:

* Your Name:

* Your Email Address:

* Subject:

CC: [will also send this talkback to an E-Mail address]

* Comments:

Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content.

Fields marked with * are required!






..............................




All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP