Date:       Fri, 22 Mar 96 11:25:40 -0500
From:       John Robert LoVerso <loverso@schooner.com>
To:         www-security@ns2.rutgers.edu
Subject:    Netscape 2.01 & JavaScript
Message-id: <199603221625.LAA17248@postman.osf.org>
Last Saturday I wrote:
> > or if there is still a "privacy vulnerability" in Navigator 2.01.
> Not to my knowledge.
I have since produced examples of three exploits of JavaScript that work with 2.01 (as long as JavaScript is enabled):

1. History tracking

2. Reading & retrieving directory listings 3. Reading & retrieving files

My examples, when available, are at http://www.schooner.com/~loverso/javascript/.

My understanding from Netscape is that these problems will be fixed in an early beta of 3.0, due in a month (or so). Further, I think they will be putting a confirmation dialog on form postings that includes instances of mailto: and file upload.

Note that users of 2.01 can simply disable JavaScript to avoid these problems.

John Robert LoVerso