There is a design flaw in Netscape 4.51, 4.5 Win95 and 4.08 WinNT (I guess all 4.x versions are vulnerable)
which allows the following security exploits:
- Reading the parsed content of local HTML files (by 'parsed' I mean the text the user sees, not the actual HTML source)
- Reading the parsed content of HTML files on a web server blocked by a firewall (the browser and the web server must be on the same side of the firewall)
- Reading the user's cache
- Browsing directories
- Probably others
This may also be exploited using an HTML message.
Workaround: Disable JavaScript
Demonstration:
These exploits will take some time (a few minutes). Please be patient. If you see changing text in a small window, then the exploit is running.
I guess the algorithm may be improved to make things faster.
Read the name of the first file/directory on your C: drive (Windows users)
Read the first URL in your cache