[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Netscape 2.01 fixes server vulnerabilities by breaking the client...

To: [email protected]
Subject: Netscape 2.01 fixes server vulnerabilities by breaking the client...
From: Rich Graves <[email protected]>
Date: Fri, 29 Mar 1996 01:20:54 -0800 (PST)
Sender: [email protected]

Now I suppose they'll want me to fix all the pages where I do a finger
with a gopher://host:79/0user. Any chance this nonfix can be unfixed?

This nonfix was applied to the UNIX and Win32 versions; I haven't checked
the other platforms.

-rich

>From http://home.netscape.com/eng/mozilla/2.01/relnotes/unix-2.01.html
>go to the security stuff and find:
>
>     * Relating to Ports:
>
>       2.01 fixes a problem where it was possible for a Gopher URL to be
>       used to send commands to ports other than those that were
>       reasonable for the Gopher service. It was possible that this
>       feature could be used to exploit other security vulnerabilities
>       behind firewalls. Navigator 2.01 fixes this problem by limiting
>       the ports that a Gopher URL can access and by disallowing certain
>       control characters in a valid Gopher URL.

Follow-Ups:
- Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...
  - From: Tom Weinstein <[email protected]>

Prev by Date: Re: Councilman/Usenet porn case...
Next by Date: Re: So, what crypto legislation (if any) is necessary?
Prev by thread: RE: Why Americans feel no compulsion to learn foreign langua
Next by thread: Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...
Index(es):
- Date
- Thread