[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape 2.0b2 allows for invasion of privacy (fwd)

This problem was found a few weeks ago and we fixed it immediately.
You all can see the fix in Beta 3, which does not reflect the
history strings into livescript.  As soon as I heard of the problem
I insisted that it be fixed right away.  I also had a fairly extensive
discussion with the creator of livescript about what other things
might be dangerous.  We didn't come up with anything, but will be
doing a security review of livescript before the final 2.0 release
just to make sure.

Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.