Subject: Re: mozilla-1.0.rc1,1 is forbidden
To: None <netbsd-help@netbsd.org>
From: Shin'ichiro TAYA <taya@netbsd.org>
List: netbsd-help
Date: 05/07/2002 12:22:43
Hi, I was away from keyboard for a week.
I've just read the news about this.
I'll incorporate the patches soon.

From: Per-Olof Pettersson <netbsd-help.netbsd.lists@peope.net>
Subject: Re: mozilla-1.0.rc1,1 is forbidden
Date: Mon, 06 May 2002 11:59:39 +0200

> paul beard wrote:
> 
> > mozilla-1.0.rc1,1 is forbidden: malicious Web servers can upload 
> > files--see http://sec.greymagic.com/adv/gm001-ns/ or 
> > http://www.heise.de/ct/browsercheck/n6demo1.shtml
> > I'm not sure of the risk here: the demo shows me I can read local 
> > files, but I knew I could do that. Am I missing something?
> 
> This is acctually very serious.
> Consider a form, a textfield and a script-initiated submit.
> 
> Naturally you are safe if the data does not recieve the server as in the 
> demo.
> 
> Per-Olof Pettersson
> 
>