On 19 Jun 1997, John Goerzen wrote: > Let's not over-react, please. This bug *only* allows people to see > files that the user running Netscape has access to, and *only* if it > already knows the names of these files. On a Debian 1.3 machine, > which uses shadow passwords, essentially the only thing that would be > of use for people would be files in your home directory. And since > there are no predictable patterns for these files, it would be > difficult to construct a web page that would cause serious harm.
NT and Win95 users are at risk since the OS is typically loaded into the default directories and files such as those containing passwords are susceptible to being accessed. Recommendation from NS is to turn off Java Script and set the warn of sending secure data option until the patched versions are released. Cheers, Jim -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
