Hi All, Nobody seems to have mentioned the security problems recently spotted in Netscape 4 and also found in earlier versions... so here is the news as of the 16/06. *------------------------------------------------------------* | Michael H. Barker GRSC The University of Liverpool | | Department of Chemistry | | E-mail: mhbarker@liv.ac.uk Oxford Street | | Liverpool | | Tel: +44 151 794 2274 L69 7ZD | | Fax: +44 151 794 3588 United Kingdom | | | | http://www.liv.ac.uk/Chemistry/Links/links.html | | "WWW Links for Chemists" @ The University of Liverpool, UK | *------------------------------------------------------------* http://home.netscape.com/flash3/misc/security_update.html SECURITY UPDATE June 16, 1997 ------------------------------------------------------------------------- The reported privacy bug affecting Netscape Navigator has been identified and fixed. It is now being thoroughly tested by Netscape, and a fix will be released by Wednesday, June 18. The bug, reported by an Internet consultant, affects Netscape Navigator 2.0 and 3.0, and Netscape Communicator 4.0 on all platforms (Windows, Macintosh, and Unix). Netscape will test the fix extensively before releasing it in an updated version of Communicator 4.0 during the week of June 16. A fix for Navigator 3.0 will follow shortly after the Communicator fix. Netscape knows of no reports of successful exploitation of this privacy bug, and no customer incidents have been reported. The privacy bug can allow malicious Web site operators to retrieve known files from the hard disks of visiting users by mimicking the submission of a form. Under ordinary circumstances, users browsing on known, trusted sites are not at risk. However, if a user visits an unknown, untrusted site, the operator of that site can potentially retrieve files from a user's hard disk through an obscure series of steps. For this attack to work, the hacker must know the exact name and path of the file. To completely remove any risk of this bug, Navigator users should download the updated version of Communicator (or Navigator), which includes the fix. In the interim, users of Navigator 3.0 and Communicator 4.0 can take the following steps to enable warning dialog boxes to detect and cancel form submissions: * In Navigator 3.0: Go to the Options menu and select Security Preferences. Select the "Submitting a Form Insecurely" preference to enable that warning dialog box. * In Navigator 4.0: Select the lock in the toolbar to open the Security Advisor. Select Navigator, then select the "Sending Unencrypted Information to a Site" preference to enable that warning dialog box. Although the Internet consultant was unwilling to release the technical details of the bug, he has subsequently released them to Netscape. The information that he provided matches what Netscape determined independently. Netscape will post a fix by June 18. Customers and partners will find download details and updates on the Netscape home page when the fix is available. ------------------------------------------------------------------------- [Navigation bar] Corporate Sales: 415/937-2555; Personal Sales: 415/937-3777; Government Sales: 415/937-3678 If you have any questions, please visit Customer Service, or contact your nearest sales office. Copyright ) 1997 Netscape Communications Corporation chemweb: A list for Chemical Applications of the Internet. Archived as: http://www.lists.ic.ac.uk/hypermail/chemweb/ To unsubscribe, send to majordomo@ic.ac.uk the following message; unsubscribe chemweb List coordinator, Henry Rzepa (rzepa@ic.ac.uk)