Fun_People Archive
18 Mar
Netscape 2.0 JavaScript security flaws
Date: Mon, 18 Mar 96 15:48:04 -0800
From: Peter Langston <psl>
To: Fun_People
Subject: Netscape 2.0 JavaScript security flaws
Forwarded-by: Scott Tinney <spyder@galaxy.galstar.com>
Checkout
http://www.osf.org/~loverso/javascript
tracks visitor's history.lst, logs user's HD dir structure, crashes
Netscape, coder-defined Alerts, etc. I didn't try them all, but he has
found some interesting uses for JavaScript. I haven't had time to check it
out w/ 2.01 yet. I'd like to compile a summary of 2.01 anomalies. Msg that
follows is where I got the URL.
>This is a copy of a message to ALL from CHRIS LEE
> Originally posted in conference 0003 - COMPUTER on SBA
>I just saw the following on a local bbs, and checked out the site
>mentioned. Some really interesting stuff there, and should really
>give pause to those who claim browsing the WWW is safe. It might but
>the question is safe for whom?
>***************************************************************************
>
>Msg #: 2302 I-NET Subboard
> From: KIRK MUSE Sent: 03-06-96 15:28
> To: ALL Rcvd: 03-06-96 17:31
> Re: NETSCAPE 2.0
>
>Before everybody rushes right out and upgrades to 2.0 you may want to
>check out www.osf.org/~loverso/javascript. If you dont already know
>the author of a web page can download a list of everything on your hard
>drive and even tell what pages you visit after you leave his. Cool
>isn't it? Netscape has released patches to prevent this but the
>author of the above mentioned page says and proves that some of their
>patches are BS. If this is old news my apologies.
![[=]](/GFX/FileDrawer.gif)
© 1996 Peter Langston
![[]](/GFX/envelope.gif)