1995-09-22 - Re: YET ANOTHER BAD NETSCAPE HOLE!
Header Data
From: futplex@pseudonym.com (Futplex)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: b4d325a8e175c758f57c440a97533629c9233d7f997fb87e8e692a4b107d8cb7
Message ID: <9509220850.AA07248@cs.umass.edu>
Reply To: <199509220830.EAA13828@clark.net>
UTC Datetime: 1995-09-22 08:50:22 UTC
Raw Date: Fri, 22 Sep 95 01:50:22 PDT
Raw message
From: futplex@pseudonym.com (Futplex)
Date: Fri, 22 Sep 95 01:50:22 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: YET ANOTHER BAD NETSCAPE HOLE!
In-Reply-To: <199509220830.EAA13828@clark.net>
Message-ID: <9509220850.AA07248@cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain
Ray Cromwell writes:
> WOW!! Unbelievable! Stop the presses! I Can't believe no one ever discovered
> this before! Try a page with the following URL
>
> test
>
> Muahaha! Yet another security hole! Clicking on this mailto brings up
> an xterm on my machine!
This is curious, because Netscape 1.1N doesn't do this on my setup, unless I
misunderstand your description somehow. The full string including the pipe
and all come up in the To: field of the standard Netscape mailer window. At
that stage I see it as much less of a potential risk. I can't test what
happens if you actually try to send mail to such a trojan horse URL, because
there's some screwy configuration here that makes Netscape complain about
not being able to connect to localhost (!?!) when I try to send mail from it.
Mosaic 2.4 gives a standard warning page in response to this.
(I'm using SunOS 4.1.2)
-Futplex <futplex@pseudonym.com>
Thread
Return to September 1995
- Return to “David Lesher <wb8foz@nrk.com>”
- Return to “Duncan Frissell <frissell@panix.com>”
- Return to “futplex@pseudonym.com (Futplex)”
- Return to “heesen@zpr.uni-koeln.de (Rainer Heesen)”
- Return to “jsw@neon.netscape.com (Jeff Weinstein)”
- Return to “Laurent Demailly <dl@hplyot.obspm.fr>”
- Return to ““Perry E. Metzger” <perry@piermont.com>”
- Return to “Ray Cromwell <rjc@clark.net>”
Return to “sameer <sameer@c2.org>”
- 1995-09-22 (Thu, 21 Sep 95 23:12:30 PDT) - Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Thu, 21 Sep 95 23:52:42 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 00:15:47 PDT) - Re: Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 01:14:47 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 01:30:13 PDT) - YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 01:37:09 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 01:50:22 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 02:46:54 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - heesen@zpr.uni-koeln.de (Rainer Heesen)
- 1995-09-22 (Fri, 22 Sep 95 02:29:06 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - jsw@neon.netscape.com (Jeff Weinstein)
- 1995-09-22 (Fri, 22 Sep 95 02:36:12 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 05:48:01 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-26 (Tue, 26 Sep 95 05:58:03 PDT) - Re: Another Netscape Bug (and possible security hole) - David Lesher <wb8foz@nrk.com>
- 1995-09-22 (Fri, 22 Sep 95 01:30:13 PDT) - YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 05:36:15 PDT) - Re: Another Netscape Bug (and possible security hole) - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-22 (Fri, 22 Sep 95 07:39:36 PDT) - Re: Another Netscape Bug (and possible security hole) - sameer <sameer@c2.org>
- 1995-09-22 (Fri, 22 Sep 95 10:14:04 PDT) - Re: Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 11:28:44 PDT) - Re: Another Netscape Bug (and possible security hole) - sameer <sameer@c2.org>
- 1995-09-25 (Mon, 25 Sep 95 13:47:57 PDT) - Re: Another Netscape Bug (and possible security hole) - Laurent Demailly <dl@hplyot.obspm.fr>
- 1995-09-26 (Tue, 26 Sep 95 05:02:10 PDT) - Re: Another Netscape Bug (and possible security hole) - Duncan Frissell <frissell@panix.com>
- 1995-09-22 (Fri, 22 Sep 95 01:14:47 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 00:15:47 PDT) - Re: Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 00:34:29 PDT) - Re: Another Netscape Bug (and possible security hole) - jsw@neon.netscape.com (Jeff Weinstein)
- 1995-09-22 (Fri, 22 Sep 95 03:15:46 PDT) - Re: Another Netscape Bug (and possible security hole) - Laurent Demailly <dl@hplyot.obspm.fr>
- 1995-09-22 (Fri, 22 Sep 95 05:25:00 PDT) - Re: Another Netscape Bug (and possible security hole) - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-22 (Thu, 21 Sep 95 23:52:42 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)