---

Netscape Communicator 4.51 allows sniffing of URLs from another window

Georgi Guninski writes:

There is a bug in Netscape Communicator 4.51,4.5/Win95,
4.08/WinNT (probably others?), which allows sniffing URLs from
another window. The exploit uses the ability to execute JavaScript
code from specially designed URLs in the javascript console window,
when an error is deliberately invoked.

Demonstration and source is available at http://www.nat.bg/~joro/b11.html

(The exploit does not work if you are behind some versions of a
squid proxy. If you do not see your URL in a message box, try
reloading the main page).

Workaround: Disable JavaScript.

Regards,
Georgi Guninski

LT Labs has verified that this bug exists in Netscape
Communicator 4.51 for Linux. -lt ed

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis