1995-12-01 - Re: Netscape 2.0b2 allows for invasion of privacy (fwd)

Header Data

From: Jeff Weinstein <jsw@netscape.com>
To: cypherpunks@toad.com
Message Hash: 21b6610ef136bfdf9b083ae6c30a2d66b3a009b08ec45edb42bbb5c0ecbd8b2a
Message ID: <30BED8E9.16FC@netscape.com>
Reply To: <Pine.SGI.3.90.951201155131.15809A-100000@chem2.chem.swin.edu.au>
UTC Datetime: 1995-12-01 10:49:36 UTC
Raw Date: Fri, 1 Dec 1995 18:49:36 +0800

Raw message

From: Jeff Weinstein <jsw@netscape.com>
Date: Fri, 1 Dec 1995 18:49:36 +0800
To: cypherpunks@toad.com
Subject: Re: Netscape 2.0b2 allows for invasion of privacy (fwd)
In-Reply-To: <Pine.SGI.3.90.951201155131.15809A-100000@chem2.chem.swin.edu.au>
Message-ID: <30BED8E9.16FC@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


This problem was found a few weeks ago and we fixed it immediately.
You all can see the fix in Beta 3, which does not reflect the
history strings into livescript.  As soon as I heard of the problem
I insisted that it be fixed right away.  I also had a fairly extensive
discussion with the creator of livescript about what other things
might be dangerous.  We didn't come up with anything, but will be
doing a security review of livescript before the final 2.0 release
just to make sure.

	--Jeff
  
-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.





Thread