[OOB] Out-of-band candidates for August 11, 2000

The following candidate number has been *assigned* to a highly
publicized security problem. This "out-of-band" candidate is being
posted to the Editorial Board list so that candidate numbers can be
made available as soon as possible for the most serious security
issues. As a reminder, Board members can request out-of-band
candidates for recently publicized security issues that have a broad

This out-of-band candidate is *not* being proposed for votes at this
time. It will be included in the next round of RECENT-XX clusters.

As we begin to work more closely with software vendors, we may be able
to identify a more appropriate way to make such candidates more widely
and rapidly available, e.g. by annotating advisories with candidate
numbers. However, out-of-band assignment (and candidate reservation,
aka pre-publication candidate assignment) are currently the best

Out-of-band assignment will be discussed in more detail at the
upcoming Board meeting.

Netscape Communicator and Navigator 4.04 through 4.74 allow remote
attackers to read arbitrary files by using a Java applet to open a
connection to a URL using the "file", "http", "https", and "ftp"
protocols, as demonstrated by Brown Orifice.