Netscape Communicator 4.x will grant remote access to local html files (including
the
user's
bookmark file and files in their cache) if both cookies and javascript are
enabled.
This is
possible due to the fact that JavaScript can be embedded in a cookie, written to
cookies.txt,
and then executed, in which case the code is treated as local and allowed to
interact
with
local data.
The path to the user's profile directory must be known to that attacker, as it
needs
to be
specified in the JavaScript code.
http://www.safermag.com/html/safer24/alerts/24.html
Could this security flaw also affect NS 4.61 for OS/2 Warp?
Many thanks in advance for any info.
Massimo
http://www.teamos2.it
http://www.ecomstation.com/
- Quasar BBS http://bbs.quasarbbs.net -
- irc.quasarbbs.net channel: #Os2ita -
