This just in: Netscape Vulnerability

[David Lapointe]

This came from the Mandrake security list.  I can't demonstrate the vulnerability though,
likely related to my firewall.  

Problem Description:

There exists a problem in all versions of Netscape with Java enabled.
Under certain conditions, Netscape can be turned into a server that
serves files on your local hard drive that Netscape has read access to
and remote people can access it by connecting their web client to port
8080 on your machine if they know the IP address.  For a demonstration
of this vulnerability visit http://www.brumleve.com/BrownOrifice/.
________________________________________________________________________

Linux-Mandrake recommends you disable Java to make Netscape invulnerable
to this exploit.  You can disable Java by hand in Edit -> Preferences ->
Advanced.  You can also remove the preferences.js file by using:

rm -f ~/.netscape/preferences.js
_

-- 
 .david
 David Lapointe
"Hokey religions and ancient weapons are no 
match for a good blaster at your side, kid,"
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).