Netscape 2.01 fixes server vulnerabilities by breaking the client...
Rich Graves
llurch at networking.stanford.edu
Fri Mar 29 11:21:40 PST 1996
Now I suppose they'll want me to fix all the pages where I do a finger
with a gopher://host:79/0user. Any chance this nonfix can be unfixed?
This nonfix was applied to the UNIX and Win32 versions; I haven't checked
the other platforms.
-rich
>From http://home.netscape.com/eng/mozilla/2.01/relnotes/unix-2.01.html
>go to the security stuff and find:
>
> * Relating to Ports:
>
> 2.01 fixes a problem where it was possible for a Gopher URL to be
> used to send commands to ports other than those that were
> reasonable for the Gopher service. It was possible that this
> feature could be used to exploit other security vulnerabilities
> behind firewalls. Navigator 2.01 fixes this problem by limiting
> the ports that a Gopher URL can access and by disallowing certain
> control characters in a valid Gopher URL.
More information about the cypherpunks-legacy
mailing list