mgs
[Top] [All Lists]

Re: web page - now Browser problems - No LBC content

To: "mgs@autox.team.net" <mgs@autox.team.net>
Subject: Re: web page - now Browser problems - No LBC content
From: Paul Root <proot@iaces.com>
Date: Tue, 12 Mar 2002 09:22:58 -0600
I know someone said they were happy with netcape 4.73. That may not be 
safe. :-(

I trimmed some of the original message.


-------- Original Message --------
Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape
Date: Tue, 12 Mar 2002 06:28:03 -0800 (PST)
From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
Reply-To: security-advisories@FreeBSD.ORG
To: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-02:16                                            Security 
Advisory
 
FreeBSD, Inc.

Topic:          GIF/JPEG comment vulnerability in Netscape

Category:       ports
Module:         netscape
Announced:      2002-03-12
Credits:        Florian Wesch <fw@dividuum.de>
Affects:        All Netscape ports with versions prior to 4.77
Corrected:      2001-04-07 16:41:36 UTC
FreeBSD only:   NO

I.   Background

Netscape Navigator or Communicator is a popular web browser, available
in several versions in the FreeBSD ports collection.

II.  Problem Description

The GIF89a and JPEG standards permit images to have embedded comments,
in which any kind of textual data may be stored.

Versions 4.76 and earlier of the Netscape browser will execute
JavaScript contained in such a comment block, if execution of
JavaScript is enabled in the configuration of the browser.

The Netscape browser supports a non-standard URL scheme, `about:'.
Visiting `about:' URLs causes Navigator to display information which
may be sensitive.  For example, `about:global' gives a listing of
recently accessed URLs; `about:cache' shows a similar listing, but
with the time each page was visited and the name of each corresponding
file in the disk cache; and `about:config' displays the full
configuration of the browser.

JavaScript executed from the comment block of a maliciously
constructed image can send information from an `about:' URL back to a
hostile Web server.

The Netscape ports are not installed by default, nor are they "part of
FreeBSD" as such: they are part of the FreeBSD ports collection, which
contains thousands of third-party applications in a ready-to-install
format.  The ports collection shipped with FreeBSD 4.5 contains some
Netscape versions which are vulnerable to these problems.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

The browser can be caused to transmit sensitive information to a
hostile Web server, if JavaScript is enabled and a page on the server
is visited.

If you have not chosen to install a Netscape port or package, your
system is not vulnerable to this problem.

-- 
Paul T. Root                    E/Mail: proot@iaces.com
600 Stinson Blvd, Fl 1S         PAG: +1 (877) 693-7155
Minneapolis, MN  55413          WRK: +1 (612) 664-3385
NIC:    PTR                     FAX: +1 (612) 664-4779

///
///  mgs@autox.team.net mailing list
///  or try http://www.team.net/cgi-bin/majorcool
///


<Prev in Thread] Current Thread [Next in Thread>
  • Re: web page - now Browser problems - No LBC content, Paul Root <=