Yes, that is true. This is precisely why this is not such a big deal for us, although it may be for people running Windows...
Jim Michael <[EMAIL PROTECTED]> writes: > On 19 Jun 1997, John Goerzen wrote: > > > Let's not over-react, please. This bug *only* allows people to see > > files that the user running Netscape has access to, and *only* if it > > already knows the names of these files. On a Debian 1.3 machine, > > which uses shadow passwords, essentially the only thing that would be > > of use for people would be files in your home directory. And since > > there are no predictable patterns for these files, it would be > > difficult to construct a web page that would cause serious harm. > > NT and Win95 users are at risk since the OS is typically loaded into the > default directories and files such as those containing passwords are > susceptible to being accessed. Recommendation from NS is to turn off Java > Script and set the warn of sending secure data option until the patched > versions are released. > > Cheers, > > Jim > -- John Goerzen | Running Debian GNU/Linux (www.debian.org) Custom Programming | [EMAIL PROTECTED] | -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
