new security holes in IE and Netscape
Bob Craigmile
librlc at emory.edu
Wed Jul 23 09:03:38 EDT 1997
Actually they're newly discovered holes. Quoting from:
http://www.nytimes.com/library/cyber/week/072397security.html
see the full story there...
"Both bugs affect Netscape browsers 2.0 and higher, but not Netscape
3.02 or Netscape Communicator. Microsoft browsers Internet Explorer
3.0 and higher are affected by the Bell Labs bug, but only the Windows
95 and NT versions. Also, Microsoft's Platform Preview 1.0 browser is
affected.
Microsoft plans to put up its patches Wednesday morning, and Netscape
plans to offer them by the end of the week under the name Netscape
3.03.
The trouble stems from a gap in the
JavaScript language. Because of the
bugs, someone can set up a Web site
with a JavaScript program that
follows users to other sites and
reports information back, including
the contents of fields in online forms.
If the user is being tracked, a
window, which is not always easily
visible, will open on the screen. The
"tracker" can use the window to
follow the information on the Web
page. Technicians recommend that if
people see an unexpected window
open, they should close it.
For the tracking to set in, the user
must visit the so-called malicious site
first. "
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Bob Craigmile, Reference Librarian
Pitts Theology Library, Emory University
librlc at emory.edu | http://www.pitts.emory.edu/bob/bob.html
404.727.1221 (w) 404.378.6388 (h)
More information about the Web4lib
mailing list