1995-09-22 - YET ANOTHER BAD NETSCAPE HOLE!
Header Data
From: Ray Cromwell <rjc@clark.net>
To: cypherpunks@toad.com
Message Hash: fe2dd810320cbf1d499e020ccc2c77e38cd9ff7dd8f2353f707a1b234eff9bbd
Message ID: <199509220830.EAA13828@clark.net>
Reply To: <9509220814.AA06967@cs.umass.edu>
UTC Datetime: 1995-09-22 08:30:13 UTC
Raw Date: Fri, 22 Sep 95 01:30:13 PDT
Raw message
From: Ray Cromwell <rjc@clark.net>
Date: Fri, 22 Sep 95 01:30:13 PDT
To: cypherpunks@toad.com
Subject: YET ANOTHER BAD NETSCAPE HOLE!
In-Reply-To: <9509220814.AA06967@cs.umass.edu>
Message-ID: <199509220830.EAA13828@clark.net>
MIME-Version: 1.0
Content-Type: text/plain
>
> On the bright side, mailto: hyperlinks containing extra-long domain names
> seem to be handled comparatively safely in both Netscape and Mosaic.
> (Perhaps they just have longer buffers ? ;)
Good question. My guess is, Netscape doesn't do any processing on the
mailto: hyperlink at all, but merely passes it to a real mail delivery
agent like Sendmail (or it uses MAPI under Win'95). Which begs
the question, if Netscape is executing an external delivery agent,
there may be the possiblity of sneaking an attack in there and getting
the shell to execute something.
Hmm, let me try something.
WOW!! Unbelievable! Stop the presses! I Can't believe no one ever discovered
this before! Try a page with the following URL
test
Muahaha! Yet another security hole! Clicking on this mailto brings up
an xterm on my machine! Simply change the xterm& to "rm -rf /" and
bingo!
Sheesh. I better stop before I am on Netscape's most hated list.
-Ray
Thread
Return to September 1995
- Return to “David Lesher <wb8foz@nrk.com>”
- Return to “Duncan Frissell <frissell@panix.com>”
- Return to “futplex@pseudonym.com (Futplex)”
- Return to “heesen@zpr.uni-koeln.de (Rainer Heesen)”
- Return to “jsw@neon.netscape.com (Jeff Weinstein)”
- Return to “Laurent Demailly <dl@hplyot.obspm.fr>”
- Return to ““Perry E. Metzger” <perry@piermont.com>”
- Return to “Ray Cromwell <rjc@clark.net>”
Return to “sameer <sameer@c2.org>”
- 1995-09-22 (Thu, 21 Sep 95 23:12:30 PDT) - Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Thu, 21 Sep 95 23:52:42 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 00:15:47 PDT) - Re: Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 01:14:47 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 01:30:13 PDT) - YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 01:37:09 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 01:50:22 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 02:46:54 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - heesen@zpr.uni-koeln.de (Rainer Heesen)
- 1995-09-22 (Fri, 22 Sep 95 02:29:06 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - jsw@neon.netscape.com (Jeff Weinstein)
- 1995-09-22 (Fri, 22 Sep 95 02:36:12 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 05:48:01 PDT) - Re: YET ANOTHER BAD NETSCAPE HOLE! - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-26 (Tue, 26 Sep 95 05:58:03 PDT) - Re: Another Netscape Bug (and possible security hole) - David Lesher <wb8foz@nrk.com>
- 1995-09-22 (Fri, 22 Sep 95 01:30:13 PDT) - YET ANOTHER BAD NETSCAPE HOLE! - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 05:36:15 PDT) - Re: Another Netscape Bug (and possible security hole) - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-22 (Fri, 22 Sep 95 07:39:36 PDT) - Re: Another Netscape Bug (and possible security hole) - sameer <sameer@c2.org>
- 1995-09-22 (Fri, 22 Sep 95 10:14:04 PDT) - Re: Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 11:28:44 PDT) - Re: Another Netscape Bug (and possible security hole) - sameer <sameer@c2.org>
- 1995-09-25 (Mon, 25 Sep 95 13:47:57 PDT) - Re: Another Netscape Bug (and possible security hole) - Laurent Demailly <dl@hplyot.obspm.fr>
- 1995-09-26 (Tue, 26 Sep 95 05:02:10 PDT) - Re: Another Netscape Bug (and possible security hole) - Duncan Frissell <frissell@panix.com>
- 1995-09-22 (Fri, 22 Sep 95 01:14:47 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)
- 1995-09-22 (Fri, 22 Sep 95 00:15:47 PDT) - Re: Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
- 1995-09-22 (Fri, 22 Sep 95 00:34:29 PDT) - Re: Another Netscape Bug (and possible security hole) - jsw@neon.netscape.com (Jeff Weinstein)
- 1995-09-22 (Fri, 22 Sep 95 03:15:46 PDT) - Re: Another Netscape Bug (and possible security hole) - Laurent Demailly <dl@hplyot.obspm.fr>
- 1995-09-22 (Fri, 22 Sep 95 05:25:00 PDT) - Re: Another Netscape Bug (and possible security hole) - “Perry E. Metzger” <perry@piermont.com>
- 1995-09-22 (Thu, 21 Sep 95 23:52:42 PDT) - Re: Another Netscape Bug (and possible security hole) - futplex@pseudonym.com (Futplex)