Freedom The Open Source Way Contribute Articles or News to OSForgeOSForge HomeLogout from Forums
Contacting OSForgeOSForge HomeAbout OSForge
  

Root
 Contribute News
 Learning Corner
 Linux Distributions
 Linux Common FAQ's
 Discussion Forums
Community Gallery
Links Directory
Search OSForge
Networking
 Industry Updates
 Linux & Open Source
 Opinions
 Press Release
 Programming
 Security
 Web Development
White Paper
Open-Xchange to Deliver Collaboration Solution Integrated With Parallels Automation
OpenKM - Document Mangement announces version 2.0
SugarCRM Manages End-to-End SaaS Offering with Zenoss
Linux Foundation’s Annual Collaboration Summit Kicks Off
Engine Yard Kicks Off Hackfest Series for Ruby Developers
Plat'Home Launches First Linux-based Eco-Friendly Servers In United States
World’s Largest Python Conference Sees 70 Percent Jump in Attendance
Leading SaaS Infrastructure Provider Deploys Zenoss to Improve Uptime and Reduce Cost
JasperSoft is Most Widely-Deployed Business Intelligence Software in the World

View More »

ZDNet UK: Netscape Flaw Exposes Hard Drives
By : Eric Lim [www] Find more article by Eric Lim on Security
Thursday the 2nd, May 2002 at 02:34 AM (EDT)
Send this Story to a Friend Readers TalkBack (0) - 662 Reads

Printer Friendly Page Printable format
Send this Story to a Friend Foward to Email

"An Israeli software firm has discovered a flaw in Netscape and Mozilla software that allows code hidden in a Web page to read files from the user's PC. The bug is a more serious variant of one patched in Microsoft's Internet Explorer in February.

"GreyMagic Software reported that the problem affects XMLHttpRequest, which allows Web pages in the browser to send and receive XML data via HTTP, the standard Web transfer protocol. XML is an Internet language for describing just about any sort of data.

"According to the report, verified by other developers, XMLHttpRequest doesn't properly check the security settings for some types of data requests in a Web page, allowing them, if properly disguised, to request data from the user's hard drive. The Internet Explorer bug required an attacker to know the name of a file on the user's PC in order to exploit that file, but the Mozilla bug also allows the contents of directories on the local drive to be listed..."

Complete story


  
Reader Rating from 1-5

 

Poor very 
1
2
3
4
5 		 very Excellent

Talkback

Post Your Talkback | View All Talkback (0 Posted)

 Currently there are no Talkback posted on "ZDNet UK: Netscape Flaw Exposes Hard Drives", Click here to be the first to post a talkback.

 
Scroll Up

   About | Term of Use | Privacy | Contact us | Tell a Friend | Advertise  

 OSForge News RSS Feed