Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19
Netscape flaw exposes hard drives
Results 1 to 8 of 8

Thread: Netscape flaw exposes hard drives

  1. #1
    Mentor coltrane's Avatar
    Join Date
    May 2001
    Location
    North Carolina
    Posts
    1,390

    Netscape flaw exposes hard drives

    http://zdnet.com.com/2100-1104-896099.html



    GreyMagic Software reported that the problem affects XMLHttpRequest, which allows Web pages in the browser to send and receive XML data via HTTP, the standard Web transfer protocol. XML is an Internet language for describing just about any sort of data.

    According to the report, verified by other developers, XMLHttpRequest doesn't properly check the security settings for some types of data requests in a Web page, allowing them, if properly disguised, to request data from the user's hard drive. The Internet Explorer bug required an attacker to know the name of a file on the user's PC in order to exploit that file, but the Mozilla bug also allows the contents of directories on the local drive to be listed.

    GreyMagic created a demonstration of the bug that allows a Web page to display a window for exploring the viewer's own hard drive.

    The bug is found in versions of Mozilla from 0.9.7 to 0.9.9 on various operating system platforms, and in Netscape versions 6.1 and higher. The flaw doesn't affect Mozilla 1.0 release candidate 1 because XMLHttpRequest appears to be broken in that release, according to Mozilla developers.

    A patch for the bug was not available as of late morning on Wednesday.

    GreyMagic also criticized Netscape's system for reporting bugs, saying a 24 April attempt to report the bug was not acknowledged. Following the firm's public report of the bug, another developer reported the bug to Mozilla's bug-tracking system, whose developers have confirmed the flaw. The flaw has also been distributed on the BugTraq security mailing list.

    Netscape, a division of AOL Time Warner, uses Mozilla technology in its commercial browser. Mozilla itself is open source, meaning that its original programming code is freely available for alteration and re-distribution so long as any software that uses it is made available under the same terms. Mozilla software is used in other open-source browsers, such as the Galeon browser for Linux.

    Netscape was not immediately available for comment.

  2. #2

    Re: Netscape flaw exposes hard drives

    does anyone know if this affects win32 systems differently from Linux systems? how about MacOS and the rest of the many platforms out there?

  3. #3
    Mentor coltrane's Avatar
    Join Date
    May 2001
    Location
    North Carolina
    Posts
    1,390

    Re: Netscape flaw exposes hard drives

    unable to determine

    will welcome any theories

  4. #4

    Re: Netscape flaw exposes hard drives

    http://online.securityfocus.com/arch...8/2002-05-04/0

    good read there - flaw verifed on win32, has not been verifed on any other OS, although other platforms are belived to be vunerable.

  5. #5

    Re: Netscape flaw exposes hard drives

    whoa!! it does affect linux systems.
    it will not successfully read items which have proper permissions set up, e.g. it can't see what is in /root or /var/log .
    uncool. it also affects BSD.

  6. #6

    Re: Netscape flaw exposes hard drives

    Apparently it doesn't work in 1.0rc1 --> "It's too broken for the brokenness to show through". That's great.

  7. #7
    Moderator
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001
    Location
    California
    Posts
    3,935

    Re: Netscape flaw exposes hard drives

    Is it only to Netscape and Mozilla?? Or is it all the XMLHTTPrequest implementation??

    Good thing I'm using Konqueror ... :-/may be :-/

  8. #8

    Re: Netscape flaw exposes hard drives

    Good thing I'm using 1.0rc1

Similar Threads

  1. SATA Hard drives.
    By CP in forum Linux - Hardware, Networking & Security
    Replies: 5
    Last Post: 06-18-2006, 02:37 AM
  2. 2 hard drives
    By gtoman in forum Linux - General Topics
    Replies: 1
    Last Post: 06-06-2006, 10:59 PM
  3. Cheap Hard Drives
    By trickster in forum Linux - Hardware, Networking & Security
    Replies: 12
    Last Post: 06-15-2003, 11:50 AM
  4. Have two hard drives but need more space
    By Rastar in forum Linux - General Topics
    Replies: 2
    Last Post: 05-24-2002, 03:42 PM
  5. old hard drives
    By agar in forum Linux - Hardware, Networking & Security
    Replies: 3
    Last Post: 12-04-2001, 03:45 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •