Netscape Exploit... with technical details.

Rusty Conover (RConover@WYELLOWSTONE.COM)
Fri, 13 Jun 1997 19:55:07 -0600

A vulnerability has been found in all Netscape Web Browsers Version 2.0
- 4.0 that can read files off of the client's machine. The only
restriction is that the filename that is desired must be known
beforehand.

More information about this bug is found here:

http://www8.zdnet.com/pcmag/news/trends/t970612b.htm
http://cnnfn.com/digitaljam/9706/12/netscape_pkg/

After I had read these so-called articles with no real description of
the bug, I started thinking of a way to exploit the bug...

In my method JavaScript would have to be used to automatically submit an
HTML form to the server. In these forms a page writer could have
already coded the file name into the source document, such as
"autoexec.bat". When the browser loads the page off of the server, it
submits the form which transmits the file to the server via the
HTTP-File upload procedure. The SERVER now has the file the author
wanted. To fool the user, the CGI program sends the location of the
real web page to the client, and the client doesn't know otherwise.

This method would require the files to be small or else the user will
notice this is taking a long time to load the page over a modem. But
the potential for this exploit to be used over faster transmission lines
is greater.

A solution to this problem would be a warning dialog box,
telling the user that they are transmitting a file, not just a regular
HTTP form. I have not written a single line of code exploiting this
potential vulnerability; I might get around to it if I have time.

Please note: I sent this original message to Netscape 1 day before
(June 12), and now they confirm that my hypothesis was correct at the URL:

http://home.netscape.com/misc/security_update.html

Wow, and not a letter from Netscape to me personally, I didn't even ask
for money.

Thank you for your time,

Rusty Conover
RConover@wyellowstone.com
Just another High School student.
West Yellowstone, MT 59758
http://www.wyellowstone.com
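
The pattern the message describes (a file-upload field whose filename is already written into the page, submitted by script rather than by the user) can be checked for in served or archived HTML. The following is an added example, not code from the original post or from Netscape; the sample pages, the `/cgi-bin/example` action and the function names are constructed for illustration.

```javascript
// Added example: heuristic scan for a pre-filled file-upload field plus scripted submit.
// Regex-based to stay dependency-free; a production check would use a real HTML parser.

// Constructed sample pages (not from the original message).
const SAMPLE_SUSPICIOUS = `<html><body onload="document.forms[0].submit()">
<form action="/cgi-bin/example" method="post" enctype="multipart/form-data">
<input type="file" name="f" value="autoexec.bat"></form></body></html>`;
const SAMPLE_BENIGN = `<html><body>
<form action="/upload" method="post" enctype="multipart/form-data">
<input type=file name=attachment><input type=submit value="Send"></form></body></html>`;

// Parse the attributes of one start tag into a lower-cased name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<\s*\w+/, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z_:][-\w:.]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per file-upload field found inside a <form>.
function scanPage(html) {
  const findings = [];
  const scripted = /\.submit\s*\(\s*\)/i.test(html); // any script-driven submit on the page
  const formRe = /<form\b[^>]*>([\s\S]*?)<\/form\s*>/gi;
  let f;
  while ((f = formRe.exec(html)) !== null) {
    const form = parseAttrs(f[0].match(/<form\b[^>]*>/i)[0]);
    for (const tag of f[1].match(/<input\b[^>]*>/gi) || []) {
      const a = parseAttrs(tag);
      if ((a.type || "").toLowerCase() !== "file") continue;
      const preset = (a.value || "").trim();
      findings.push({
        field: a.name || "(unnamed)",
        action: form.action || "(same page)",
        presetFilename: preset || null,
        scriptedSubmit: scripted,
        severity: preset && scripted ? "high" : preset ? "medium" : "info",
      });
    }
  }
  return findings;
}

console.log(scanPage(SAMPLE_SUSPICIOUS), scanPage(SAMPLE_BENIGN));
```

An ordinary upload form that the user fills in and submits is reported at `info` only; the `high` rating is reserved for a preset filename combined with a scripted submit.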
