I know someone said they were happy with netcape 4.73. That may not be
safe. :-(
I trimmed some of the original message.
-------- Original Message --------
Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape
Date: Tue, 12 Mar 2002 06:28:03 -0800 (PST)
From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
Reply-To: security-advisories@FreeBSD.ORG
To: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-02:16 Security
Advisory
FreeBSD, Inc.
Topic: GIF/JPEG comment vulnerability in Netscape
Category: ports
Module: netscape
Announced: 2002-03-12
Credits: Florian Wesch <fw@dividuum.de>
Affects: All Netscape ports with versions prior to 4.77
Corrected: 2001-04-07 16:41:36 UTC
FreeBSD only: NO
I. Background
Netscape Navigator or Communicator is a popular web browser, available
in several versions in the FreeBSD ports collection.
II. Problem Description
The GIF89a and JPEG standards permit images to have embedded comments,
in which any kind of textual data may be stored.
Versions 4.76 and earlier of the Netscape browser will execute
JavaScript contained in such a comment block, if execution of
JavaScript is enabled in the configuration of the browser.
The Netscape browser supports a non-standard URL scheme, `about:'.
Visiting `about:' URLs causes Navigator to display information which
may be sensitive. For example, `about:global' gives a listing of
recently accessed URLs; `about:cache' shows a similar listing, but
with the time each page was visited and the name of each corresponding
file in the disk cache; and `about:config' displays the full
configuration of the browser.
JavaScript executed from the comment block of a maliciously
constructed image can send information from an `about:' URL back to a
hostile Web server.
The Netscape ports are not installed by default, nor are they "part of
FreeBSD" as such: they are part of the FreeBSD ports collection, which
contains thousands of third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.5 contains some
Netscape versions which are vulnerable to these problems.
FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.
III. Impact
The browser can be caused to transmit sensitive information to a
hostile Web server, if JavaScript is enabled and a page on the server
is visited.
If you have not chosen to install a Netscape port or package, your
system is not vulnerable to this problem.
--
Paul T. Root E/Mail: proot@iaces.com
600 Stinson Blvd, Fl 1S PAG: +1 (877) 693-7155
Minneapolis, MN 55413 WRK: +1 (612) 664-3385
NIC: PTR FAX: +1 (612) 664-4779
///
/// mgs@autox.team.net mailing list
/// or try http://www.team.net/cgi-bin/majorcool
///
|