Re: Netscape 2.01 & JavaScript



> Navigator 2.01 fixes this problem by refusing to allow a
> script from a server to view file names and directory listings on
> the local user's machine.

This text is slightly misleading.  2.01 changes things such that a script
cannot read the "links" properties of a window displaying data from a different
source host.  It does not prevent this:

	window.open("file:/")

Note that this JUST opens a new window displaying the contents.  You can view it,
but JavaScript cannot access ("view") it.  This statement is the "key" to the
directory browser.

The funny thing is that this confusion is what led many people to think that
the original exploit at http://www.c2.org/~aelana/javascript.htm was
functional in Netscape 2.0.  It was not (for me).  It only opened a window
displaying a directory listing, but a bug prevented it from going off and
reading the contents.

Yesterday I was written to twice about my copy of the exploit (off my home page
at javascript/dir.htm).  I've since added additional explanatory text to it
to prevent people from thinking the exploit is still viable.

> or if there is still a "privacy vulnerability" in Navigator 2.01.

Not to my knowledge.


John LoVerso
OSF Research Institute
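
A small model of the distinction drawn in the message above (opening a window is allowed, reading its "links" from a script of a different source host is refused), added here as an illustration; it is not code from the post or from Netscape. The names sourceOf, openWindow and tryReadLinks, the example.com URLs and the sample link lists are hypothetical and constructed, and "source" is assumed to mean scheme plus host.

```javascript
// Model only: the page a script came from may open any URL in a new window,
// but it may read that window's `links` only if the displayed document has
// the same source (assumed here: scheme + host) as the script.

function sourceOf(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.host; // "http://www.example.com", "file://"
}

// Opening always succeeds; the returned handle guards the `links` property.
function openWindow(scriptUrl, targetUrl, linksInTarget) {
  const sameSource = sourceOf(scriptUrl) === sourceOf(targetUrl);
  return new Proxy({ links: linksInTarget }, {
    get(target, prop) {
      if (prop === "links" && !sameSource) {
        throw new Error("links not readable: document source " +
          sourceOf(targetUrl) + " differs from script source " +
          sourceOf(scriptUrl));
      }
      return target[prop];
    },
  });
}

// What the script sees when it tries to read the opened document.
function tryReadLinks(win) {
  try {
    return { ok: true, links: win.links };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}

// Constructed sample data.
const SCRIPT = "http://www.example.com/page.htm";
const localWin = openWindow(SCRIPT, "file:/", ["file:/example-dir/"]);
const sameWin = openWindow(SCRIPT, "http://www.example.com/other.htm",
  ["http://www.example.com/a.htm"]);

console.log(tryReadLinks(localWin)); // window opened, read refused
console.log(tryReadLinks(sameWin));  // same source, read allowed
```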

