1995-09-22 - Re: YET ANOTHER BAD NETSCAPE HOLE!

Header Data

From: futplex@pseudonym.com (Futplex)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: b4d325a8e175c758f57c440a97533629c9233d7f997fb87e8e692a4b107d8cb7
Message ID: <9509220850.AA07248@cs.umass.edu>
Reply To: <199509220830.EAA13828@clark.net>
UTC Datetime: 1995-09-22 08:50:22 UTC
Raw Date: Fri, 22 Sep 95 01:50:22 PDT

Raw message

From: futplex@pseudonym.com (Futplex)
Date: Fri, 22 Sep 95 01:50:22 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: YET ANOTHER BAD NETSCAPE HOLE!
In-Reply-To: <199509220830.EAA13828@clark.net>
Message-ID: <9509220850.AA07248@cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Ray Cromwell writes:
> WOW!! Unbelievable! Stop the presses! I can't believe no one ever discovered
> this before! Try a page with the following URL
> 
>  test 
> 
> Muahaha! Yet another security hole! Clicking on this mailto brings up
> an xterm on my machine!  

This is curious, because Netscape 1.1N doesn't do this on my setup, unless I
misunderstand your description somehow. The full string including the pipe
and all comes up in the To: field of the standard Netscape mailer window. At
that stage I see it as much less of a potential risk. I can't test what
happens if you actually try to send mail to such a trojan horse URL, because
there's some screwy configuration here that makes Netscape complain about
not being able to connect to localhost (!?!) when I try to send mail from it.

Mosaic 2.4 gives a standard warning page in response to this.

(I'm using SunOS 4.1.2)

-Futplex <futplex@pseudonym.com>



