VULHUB ™

Netscape Communicator 4.72 and previous will grant remote access to local html files (including the user's bookmark file and files in their cache) if both cookies and javascript are enabled. This is possible due to the fact that javascript can be embedded in a cookie, written to cookies.txt, and then executed, in which case the code is treated as local and allowed to interact with local data. The path to the user's profile directory must be known to that attacker, as it needs to be specified in the javascript code.

Netscape Communicator 4.72 and previous will grant remote access to local html files (including the user's bookmark file and files in their cache) if both cookies and javascript are enabled. This is possible due to the fact that javascript can be embedded in a cookie, written to cookies.txt, and then executed, in which case the code is treated as local and allowed to interact with local data. The path to the user's profile directory must be known to that attacker, as it needs to be specified in the javascript code.