On Sep 22, 4:50am, Futplex wrote:
Subject: Re: YET ANOTHER BAD NETSCAPE HOLE! Ray Cromwell writes:
WOW!! Unbelievable! Stop the presses! I Can't believe no one ever discovered this before! Try a page with the following URL
test
Muahaha! Yet another security hole! Clicking on this mailto brings up an xterm on my machine!
This is curious, because Netscape 1.1N doesn't do this on my setup, unless I misunderstand your description somehow. The full string including the pipe and all come up in the To: field of the standard Netscape mailer window. At that stage I see it as much less of a potential risk. I can't test what happens if you actually try to send mail to such a trojan horse URL, because there's some screwy configuration here that makes Netscape complain about not being able to connect to localhost (!?!) when I try to send mail from it.
Mosaic 2.4 gives a standard warning page in response to this.
(I'm using SunOS 4.1.2)
-Futplex <futplex@pseudonym.com> -- End of excerpt from Futplex
This is not curious. Ray uses a very old sendmail version. It's not a Netscape bug, it's rather a sendmail bug. Cheers Rainer