COMMAND

    Netscape Communicator

SYSTEMS AFFECTED

    Netscape Communicator 4.51

PROBLEM

    Georgi  Guninski  found  following.   There  is  a bug in Netscape
    Communicator 4.51,4.5/Win95, 4.08/WinNT (probably others?),  which
    allows sniffing URLs  from another window.   The exploit uses  the
    ability to execute JavaScript code from specially designed URLs in
    the  javascript  console  window,  when  an  error is deliberately
    invoked.  Demonstration and source is available at:

        http://www.nat.bg/~joro/b11.html

    (The exploit does not  work if you are  behind some versions of  a
    squid proxy.   If you do  not see your  URL in a  message box, try
    reloading the main page).

SOLUTION

    Workaround: Disable JavaScript.