Let's not over-react, please. This bug *only* allows people to see files that the user running Netscape has access to, and *only* if it already knows the names of these files. On a Debian 1.3 machine, which uses shadow passwords, essentially the only thing that would be of use for people would be files in your home directory. And since there are no predictable patterns for these files, it would be difficult to construct a web page that would cause serious harm.
George Bonser <[EMAIL PROTECTED]> writes: > Better take this SERIOUSLY folks, it is a VERY big bug ... major security > hole. It allows a server to see EVERYTHING on the client filesystem. > > > George Bonser > [EMAIL PROTECTED], [EMAIL PROTECTED] > > ---------- Forwarded message ---------- > Date: Thu, 12 Jun 1997 21:06:45 -0500 > From: Francisco Benavides <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: BIG NetScape Bug!!!!!!!!!!!!!!!!1 > > Hi, > > A HUGE flaw was uncovered in the new NetScape, for more details: > > http://cnnfn.com/digitaljam/9706/12/netscape_pkg/ > > Bye/Francisco :) > > > -- > TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to > [EMAIL PROTECTED] . > Trouble? e-mail to [EMAIL PROTECTED] . > -- John Goerzen | Running Debian GNU/Linux (www.debian.org) Custom Programming | [EMAIL PROTECTED] | -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
