IE "Local JavaScript" security hole

-Bennett Haselton, bennett@peacefire.org
5/5/2000

News sightings: C-Net | NewsBytes

See also:
JavaScript-in-cookies security hole
Eudora "stealth attachment" demo page

This page demonstrates a security hole in Internet Explorer 5.x. However, the exploit will only work if you have Netscape Communicator 4.x installed and are using a profile named "default". So you have to have Netscape Communicator installed, but you have to be using IE to view the "demo page". (It would not be hard to trick an unsuspecting Netscape user into viewing a particular page with IE, since all Windows 98 users have IE on their computers anyway, and some pages say that they simply will not work unless you view them with a particular browser.)

To view the demo,

• You must have Netscape Communicator installed to
  C:\Program Files\Netscape\Communicator
• Your Netscape user profile must be named "default"
  (the preceding two conditions are just to ensure that your Netscape preferences file is stored at
  C:\Program Files\Netscape\Users\default\prefs.js )
• You must view the following page with Internet Explorer 5.x:
  http://www.peacefire.org/security/localjs/demo.html

The demonstration will not work, and will not do anything, period if your user Netscape user preferences file is not located at
C:\Program Files\Netscape\Users\default\prefs.js
or if you view the above link in a browser other than Internet Explorer for Windows.