Netscape Security Vulnerability Discovered
22 Comments
Stating that it is not a bug, Bennett Haselton, Webmaster of Peacefire.org who discovered the bug, claims that a vulnerability in Netscape 4.x allows a malicious webmaster to view bookmarks and cache file. Via frames opened by the HTML and a little snipet of JavaScript, a webmaster can view the file by redirecting one frame to point to the file desired, the other frame pointed to the cookie file. Using this, Haselton was able to have a users bookmarks e-mailed to him as a demonstration of the exploit. To combat the vulnerability, users need simply to change their profile, in Netscapes preferences. Only if the profile is set to default does the problem exist.