Re: UPDATE: Security holes in JavaScript/Netscape 2.0

To: Lincoln Stein <lstein@kaa.crbm.cnrs-mop.fr">lstein@kaa.crbm.cnrs-mop.fr>
Subject: Re: UPDATE: Security holes in JavaScript/Netscape 2.0
From: John Robert LoVerso <loverso@osf.org>
Date: Fri, 01 Mar 96 09:11:25 -0500
Cc: www-security@ns2.rutgers.edu, www-managers@lists.stanford.edu, eric.hammond@sdrc.com (Eric Hammond), Malcolm Humes <mhumes@tenetwork.com>, Jeff Weinstein <jsw@netscape.com>, lstein@pico.crbm.cnrs-mop.fr
In-reply-to: Message from Lincoln Stein <lstein@kaa.crbm.cnrs-mop.fr> <199603011407.PAA04441@pico.crbm.cnrs-mop.fr> .

Please note that Netscape has (informally) announced plans for the
imminent release of 2.01 that will fix the three problems you list
as being present in 2.0.

See:	 snews://secnews.netscape.com/31367495.7AAE@atm.mcom.com

John


p.s.:

Note that I haven't seen a version string of 2.01 pop up yet, but a
quick grep of my tracking log shows I've been visited by Navigator's
claiming to be:
	Mozilla/2.1b1
	Mozilla/3.0B1
	Mozilla/2.0JavaB1 (Mac PPC)
all which allow "tracking".

However, I just noticed this one from yester:
	Mozilla/2.1a0
which sent several empty query strings.  However, it sent them to two
different hosts here at OSF.

References:

From:

Previous: Re: JavaScript to grab e-mail
Next: Portuguese government wants to free a Terrorist.
Index(es):
- Index
- Thread