Computer Security
[EN] no-pyccku

Related information

  Получение пути к почтовому ящику в Netscape (mbox path)

From:3APA3A <3APA3A_(at)>
Subject:SECURITY.NNOV: Netscape 4.7x Messanger user information retrival

There  are  known bugs in Netscape which require information on user's
files location. This bug is not serious one, but it allows to get this

Topic                   : Netscape 4.7x user information retrival
Author                  : 3APA3A <[email protected]>
Affected software       : Netscape 4.7x All Platforms
Vendor                  : Netscape (IPlanet)
Risk                    : Low
Remotely Exploitable    : Yes
Released                : 30 May 2001
Vendor URL              :
SECURITY.NNOV advisories:


Netscape  Messanger  uses  internal  protocol  called  mailbox://. The
format of mailbox URI is


this  URI  contains full path to user's mailbox which usually contains
user's  login  name  and  in case of Windows 9x - the path to Netscape
installation.   It's   impossible  to  determine  this  location  from
javascript    inside    e-mail   message,   because   Netscape   hides
document.location from javascript.


It's  possible  to  retrieve mailbox:// URI of the message. E.g., it's
possible to retrieve mailbox location, user's system login and in some
cases path to Netscape installation.


When  link  invoked  from  message,  Netscape sets "document.referrer"
property  to URI of the message contained this link. Javascript on the
target  page  is  able  to  retrieve  this property and pass it to any
location together with IP of calling machine.


If  you read this message with Netscape Messanger you can simply click
reference  to  see  your
mailbox location or you can force Netscape user to open this page with
message like this:

From: 3APA3A
To: 3APA3A
Subject: Test your Netscape
Content-Type: text/html



Netscape was contacted May, 30 2001 via
No feedback were given.

       { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
You know my name - look up my number (The Beatles)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod