Date:      Thu, 20 Mar 2003 19:32:29 -0500 (EST)
From:      Trevor Johnson <trevor@jpj.net>
To:        "Scott R." <reverend@sfmidimafia.com>
Cc:        Doug Barton <DougB@freebsd.org>, "Scott A. Moberly" <smoberly@karamazov.org>, ports@freebsd.org
Subject:   Re: Netscape 7.02?
Message-ID:  <20030320191630.I30018@blues.jpj.net>
In-Reply-To: <3E7A0033.5060806@sfmidimafia.com>
References:  <3E78B6F0.5040505@sfmidimafia.com> <46898.65.221.169.187.1048100277.squirrel@mail.karamazov.org> <20030320040239.Q15655@blues.jpj.net> <3E7A0033.5060806@sfmidimafia.com>

Scott R. wrote:

> Actually, there is no particular reason.  The reason I thought of it was
> because I would rather not use a "forbidden" piece of software and I
> thought maybe the update to 7.02 might take care of the security bug.

It's easy to test for the bug I mentioned.  Just browse to
<URL:http://members.ping.de/~sven/mozbug/refcook.html> and follow the
instructions.  The bug for which I marked the port FORBIDDEN is that when
browsing a hostile Web page, information can be retrieved from a Web
server on a private, non-routable, RFC 1918-style network (intranet) and
sent back to the hostile server.  I've heard that this can happen with any
browser that implements Javascript.  Short of disabling Javascript, there
is a work-around for this bug in the release notes (URL in FORBIDDEN
line).  If you don't have an intranet or don't care who can read Web pages
from it, then you needn't worry about it.  The forward referrer bug has to
do with a hostile Web site getting a list of the URLs (including files)
you browse after going to the hostile site.  There's a workaround
described on the demonstration page, or you can avoid this bug too by
disabling Javascript.
-- 
Trevor Johnson
