1995-12-01 - Re: Netscape 2.0b2 allows for invasion of privacy (fwd)

Header Data

From: Jeff Weinstein <jsw@netscape.com>
To: cypherpunks@toad.com
Message Hash: 21b6610ef136bfdf9b083ae6c30a2d66b3a009b08ec45edb42bbb5c0ecbd8b2a
Message ID: <30BED8E9.16FC@netscape.com>
Reply To: <Pine.SGI.3.90.951201155131.15809A-100000@chem2.chem.swin.edu.au>
UTC Datetime: 1995-12-01 10:49:36 UTC
Raw Date: Fri, 1 Dec 1995 18:49:36 +0800

Raw message

From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 1 Dec 1995 18:49:36 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape 2.0b2 allows for invasion of privacy (fwd)
In-Reply-To: <Pine.SGI.3.90.951201155131.15809A-100000@chem2.chem.swin.edu.au>
Message-ID: <30BED8E9.16FC@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


This problem was found a few weeks ago and we fixed it immediately.
You all can see the fix in Beta 3, which does not reflect the
history strings into livescript.  As soon as I heard of the problem
I insisted that it be fixed right away.  I also had a fairly extensive
discussion with the creator of livescript about what other things
might be dangerous.  We didn't come up with anything, but will be
doing a security review of livescript before the final 2.0 release
just to make sure.

	--Jeff
  
-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.

Thread

• Return to December 1995

• Return to “Adam Shostack <adam@lighthouse.homeport.org>”
• Return to ““Brian A. LaMacchia” <bal@martigny.ai.mit.edu>”
• Return to “Graeme Cross <graeme@chem2.chem.swin.edu.au>”
• Return to “Jeff Weinstein <jsw@netscape.com>”
• Return to “Rich Graves <llurch@networking.stanford.edu>”

• Return to “sameer <sameer@c2.org>”

• 1995-12-01 (Fri, 1 Dec 1995 14:46:37 +0800) - Netscape 2.0b2 allows for invasion of privacy (fwd) - Graeme Cross <graeme@chem2.chem.swin.edu.au>
  • 1995-12-01 (Thu, 30 Nov 95 21:55:38 PST) - Re: Netscape 2.0b2 allows for invasion of privacy (fwd) - sameer <sameer@c2.org>
  • 1995-12-01 (Fri, 1 Dec 1995 14:04:23 +0800) - Re: Netscape 2.0b2 allows for invasion of privacy (fwd) - Rich Graves <llurch@networking.stanford.edu>
  • 1995-12-01 (Fri, 1 Dec 1995 14:20:08 +0800) - Re: Netscape 2.0b2 allows for invasion of privacy (fwd) - Adam Shostack <adam@lighthouse.homeport.org>
    • 1995-12-02 (Sun, 3 Dec 1995 00:24:51 +0800) - Re: Netscape 2.0b2 allows for invasion of privacy (fwd) - “Brian A. LaMacchia” <bal@martigny.ai.mit.edu>
  • 1995-12-01 (Fri, 1 Dec 1995 18:48:29 +0800) - Re: Netscape 2.0b2 allows for invasion of privacy (fwd) - Jeff Weinstein <jsw@netscape.com>
  • 1995-12-01 (Fri, 1 Dec 1995 18:49:36 +0800) - Re: Netscape 2.0b2 allows for invasion of privacy (fwd) - Jeff Weinstein <jsw@netscape.com>