Netscape Bugs
LAST UPDATED: Thursday, 14 February 2008 20:47:18 -0600
NETSCAPE 6 VERSUS RED HAT LINUX VERSUS JAVA
NETSCAPE 6 VERSUS WINDOWS 2000/NT
NETSCAPE JAVA-AS-WEB-SERVER BUG
NETSCAPE JAVA VIRTUAL MACHINE SECURITY HOLE
NETSCAPE FOR LINUX MANDRAKE
NETSCAPE FOR GNU/LINUX SECURITY HOLES
NETSCAPE COMMUNICATOR INCONSISTENT SSL CERTIFICATE
NETSCAPE ABOUT: JAVASCRIPT SECURITY BUG
NETSCAPE AND EXCHANGE CONFLICT
NETSCAPE ENTERPRISE SERVER BUFFER OVERFLOW
NETSCAPE IPLANET ICAL SHIPPED WITH MULTIPLE BUGS
NETSCAPE META-DIRECTORY VERSUS LOTUS NOTES CONNECTOR
MICROSOFT IIS 4 VERSUS NETSCAPE COMMUNICATOR 4.7
BUG FIXES FOR NETSCAPE COMMUNICATOR 4.7
COMMUNICATOR 4.X JAVASCRIPT/COOKIES VULNERABILITY
NETSCAPE 6 VERSUS RED HAT LINUX VERSUS JAVA
Netscape 6 running on a Red Hat Linux 6.0 computer will not work if Java 2 is also installed. According to Netscape, the browser will not launch. The company says there is no problem with Red Hat Linux 6.1. Therefore, Netscape urges users to either upgrade the OS or disable Java.
NETSCAPE 6 VERSUS WINDOWS 2000/NT
When installing Netscape 6 on a Windows NT or 2000 computer, make sure you have Administrator privileges. Otherwise you will receive the following message during installation: "Error 5." No further explanation is provided after the error message, causing no small amount of confusion. Users who have already tried installation and have been frustrated by this error are urged to try again with Administrator privileges. There should be no problems thereafter.
NETSCAPE JAVA-AS-WEB-SERVER BUG
Programmer and bug researcher Dan Brumleve has discovered a bug in Netscape's implementation of the Java programming language. It allows an unsigned Java applet to read files off a computer and distribute them as a Web server. Brumleve has dubbed this bug the Brown Orifice. Netscape has confirmed and fixed the bug with version 4.75. Users who have not yet upgraded to this new version are urged to do so. Netscape 6 PR1 and PR2 are not susceptible to Brown Orifice. For more information, browse to http://www.netscape.com/security/ and http://www.brumleve.com/BrownOrifice/
NETSCAPE JAVA VIRTUAL MACHINE SECURITY HOLE
A bug has been discovered in Netscape's Java Virtual Machine (the part of Netscape that runs applets downloaded from Web pages). The bug could allow a malicious user to include code in the Java applets that could access any file on the visitor's computer. The code itself would be activated without the knowledge of the browser. BugNet, the discoverers of the bug, have offered the following workaround until an official fix has been released from Netscape: disable Java in the Netscape Preferences. Start Netscape and click Edit, Preferences. Select Advanced and uncheck Enable Java. Click OK to save the changes. Users should keep an eye on Netscape's security site for word of a fix: http://home.netscape.com/security/index.html
NETSCAPE FOR LINUX MANDRAKE
A bug has been discovered in Netscape for Linux. This tip does not apply to users of Netscape for Windows or Mac. Netscape versions 3.0 through 4.73 for the Linux Mandrake operating system do not properly verify JPEG processing code. These versions of Netscape accept the length parameter for comment fields without verification. By taking advantage of this trusting flaw, it is possible to use Netscape to overwrite memory with erroneous data. This would allow a remote site to execute arbitrary code as the user of Netscape on the client system. For a list of updates, browse to http://www.linux-mandrake.com/en/fupdates.php3. Perform a search within the Web page (Ctrl-F in Communicator) for Netscape and download the appropriate update for your system.
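
The length verification this entry says was missing, as an added example (not Netscape's code and not part of the original page): a JPEG comment-segment reader that checks the length field against both the remaining input and the destination buffer. The function name and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample segments (not taken from any real file). */
static const uint8_t SAMPLE_OK[]       = {0xFF, 0xFE, 0x00, 0x05, 'a', 'b', 'c'};
static const uint8_t SAMPLE_TINY_LEN[] = {0xFF, 0xFE, 0x00, 0x01, 'x'};
static const uint8_t SAMPLE_OVERLONG[] = {0xFF, 0xFE, 0x01, 0x00, 'x', 'y'};

/* Copy the text of a JPEG COM (0xFFFE) segment into out, NUL-terminated.
 * seg points at the marker, seg_len is the number of bytes left in the file.
 * Returns the comment length, or -1 if any length check fails. */
long read_jpeg_comment(const uint8_t *seg, size_t seg_len,
                       char *out, size_t out_cap)
{
    if (seg == NULL || out == NULL || out_cap == 0)
        return -1;
    if (seg_len < 4 || seg[0] != 0xFF || seg[1] != 0xFE)
        return -1;              /* need marker plus 2-byte length */

    /* Big-endian length field; it counts its own two bytes. */
    size_t field = ((size_t)seg[2] << 8) | seg[3];
    if (field < 2)
        return -1;              /* smaller than the field itself */

    size_t body = field - 2;
    if (body > seg_len - 4)
        return -1;              /* claims more bytes than remain */
    if (body >= out_cap)
        return -1;              /* no room for text plus terminator */

    memcpy(out, seg + 4, body);
    out[body] = '\0';
    return (long)body;
}

int main(void)
{
    char buf[64];
    printf("ok:       %ld\n", read_jpeg_comment(SAMPLE_OK, sizeof SAMPLE_OK, buf, sizeof buf));
    printf("tiny len: %ld\n", read_jpeg_comment(SAMPLE_TINY_LEN, sizeof SAMPLE_TINY_LEN, buf, sizeof buf));
    printf("overlong: %ld\n", read_jpeg_comment(SAMPLE_OVERLONG, sizeof SAMPLE_OVERLONG, buf, sizeof buf));
    return 0;
}
```
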
NETSCAPE FOR GNU/LINUX SECURITY HOLES
Debian, makers of an open-source operating system based on the Linux kernel, reports that the Netscape Communicator that shipped with all recent versions of GNU/Linux has a couple of security bugs: one in the JPEG handling portion and the other in the Java virtual machine. All users of GNU/Linux and Netscape Communicator are encouraged to upgrade Communicator. For more information, browse to http://www.debian.org/security/2000/20000901
NETSCAPE COMMUNICATOR INCONSISTENT SSL CERTIFICATE
Netscape Navigator has a flaw that could allow an attacker to masquerade as a legitimate Web site if the attacker can compromise the validity of certain DNS information. This bug affects all versions of Netscape Communicator after 4.0. Within one Netscape session, if a user clicks on Continue in response to a "host name does not match name in certificate" error, then that certificate is incorrectly validated for future use in the Netscape session, regardless of the host name or IP address of other servers that use the certificate. For more information and a list of possible workarounds, read the CERT advisory at the Carnegie Mellon Software Engineering Institute: http://www.cert.org/advisories/CA-2000-08.html
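
A small model of the session behaviour described in this entry, as an added example (not Netscape's code and not part of the original page): an exception store looked up by certificate alone, beside one that binds each exception to the host it was granted for. All names, hosts and the fingerprint string are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

#define MAX_EXC 16

/* One "Continue" click: the host the user was visiting and the certificate
 * fingerprint that was shown. Names here are hypothetical. */
struct cert_exception { char host[256]; char fp[96]; };
struct session { struct cert_exception exc[MAX_EXC]; int n; };

int accept_mismatch(struct session *s, const char *host, const char *fp)
{
    if (s->n >= MAX_EXC || strlen(host) >= sizeof s->exc[0].host ||
        strlen(fp) >= sizeof s->exc[0].fp)
        return -1;
    strcpy(s->exc[s->n].host, host);
    strcpy(s->exc[s->n].fp, fp);
    s->n++;
    return 0;
}

/* Weak lookup, modelling the behaviour described above: the exception
 * follows the certificate to every server that presents it. */
int excepted_by_cert_only(const struct session *s, const char *fp)
{
    for (int i = 0; i < s->n; i++)
        if (strcmp(s->exc[i].fp, fp) == 0)
            return 1;
    return 0;
}

/* Corrected lookup: the exception applies only to the host it was granted
 * for. Host names compare case-insensitively. */
int excepted_for_host(const struct session *s, const char *host, const char *fp)
{
    for (int i = 0; i < s->n; i++)
        if (strcmp(s->exc[i].fp, fp) == 0 && strcasecmp(s->exc[i].host, host) == 0)
            return 1;
    return 0;
}

int main(void)
{
    struct session s = {0};
    accept_mismatch(&s, "intranet.example", "FP-CONSTRUCTED-01");
    printf("cert-only, other host: %d\n", excepted_by_cert_only(&s, "FP-CONSTRUCTED-01"));
    printf("per-host,  other host: %d\n", excepted_for_host(&s, "bank.example", "FP-CONSTRUCTED-01"));
    return 0;
}
```
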
NETSCAPE ABOUT: JAVASCRIPT SECURITY BUG
Users of Netscape should know of a potential security risk involving a bug in the about: protocol. As you may know, a user can type "about:" in the location box in Netscape, followed by a tag such as "JavaScript" or "Netscape," for more information about that tag. If you are presented with a list of links in your cache, your version of Netscape is vulnerable. A simple workaround is to disable JavaScript in your Netscape Preferences. In Netscape, click Edit, Preferences. Select Advanced and uncheck Enable JavaScript.
NETSCAPE ENTERPRISE SERVER BUFFER OVERFLOW
A buffer overflow exists in the Netscape Enterprise Server for Netware. It is possible to exploit the overflow by requesting a malformed URL to the server. The request will cause the services to stop responding and allow the execution of arbitrary code. This bug affects Netscape Enterprise Server for Netware 4/5 5.0 and 4.1.1. Novell has released a patch, downloadable from
NETSCAPE IPLANET ICAL SHIPPED WITH MULTIPLE BUGS
Netscape's iPlanet iCal application is a network-based calendar service built for organizations that require a centralized calendar system. iCal shipped with several bugs that malicious users can exploit to gain read and write access to sensitive files. One bug in particular allows appending of scripts to a specific file, which would then run each time the system reinitialized. A new version of iPlanet iCal will address all these issues and more. However, it was not yet available as of the writing of today's tip. Concerned users are urged to contact Netscape via its Security home page for more information. Or check iPlanet's Web site: You may also want to search "iCal" on SecurityFocus.com for background information on the discovery of these vulnerabilities:
NETSCAPE AND EXCHANGE CONFLICT
If you're accessing your Microsoft Exchange Server using Netscape's Navigator 4.02, you may find the browser locking up regularly. Microsoft has confirmed a problem in which Netscape stops when trying to list subfolders in a folder with a very long name (more than 250 characters). The problem occurs when Netscape performs an IMAP list "" "/%" instead of the IMAP list "" "*" as it traverses down the folder tree. When Netscape tries to construct a list "" "/%"
NETSCAPE META-DIRECTORY VERSUS LOTUS NOTES CONNECTOR
If you are using Netscape Meta-Directory 1.0 and you uninstall Lotus Notes Connector, Netscape says this will leave \Winnt\notes.ini locked, and the Notes client won't be able to log into the server. As a workaround, back up notes.ini before installing Notes Connector.
NETSCAPE NAVIGATOR WINDOW BUG
Netscape Communicator has a minor bug. If you have two Navigator windows already open and try to click the mini toolbar button to open a third window, Netscape just switches back and forth between the two existing windows (similar to Windows' Alt-Tab switching). The workaround is to use the File, New, Navigator Window menu option to open more than two windows. We can only hope Netscape 5.0 will fix this problem.
MICROSOFT IIS 4 VERSUS NETSCAPE COMMUNICATOR 4.7
An incompatibility has arisen between Microsoft's widespread Internet Information Server 4 (note: NOT MS Internet Explorer, the Web browser) and certain international versions of Netscape Communicator 4.7. The bug involves miscommunication between browser and server when Communicator attempts to accept 56-bit digital certificates. IIS 4 does not support 56-bit certificates, and when Communicator tries to step up to 128-bit certificates, it causes an invalid page fault in netscape.exe. Industry sources say that MS IIS 4 is in use on almost 25 percent of all Web servers and that the affected versions of Netscape total nearly half of all versions in circulation. Unfortunately, neither of the two software companies appears willing to accept full responsibility for the bug. The only upside is for users of the domestic (U.S.) 128-bit version of Communicator, which Netscape claims is immune to the bug. Users of international versions can work around the problem by disabling 56-bit encryption. Follow these steps:
BUG FIXES FOR NETSCAPE COMMUNICATOR 4.7
Netscape has an update with several new features as well as some fixes for various security bugs. To update your browser, open Navigator, click the Help menu, and select Software Updates. Follow the instructions from Netscape Netcenter to download the patch.
COMMUNICATOR 4.X JAVASCRIPT/COOKIES VULNERABILITY
Netscape Communicator 4.x will grant remote access to local HTML files (including the user's Bookmark file and cache) if you have both cookies and JavaScript enabled. This is possible because a hacker can embed JavaScript in a cookie; it then gets written to COOKIES.TXT and executed. In such a case the recipient's system will treat the code as local code and allow it to interact with local data. The attacker must know the path to the user's profile directory, since the JavaScript code must specify this path. There is no fix for this problem, but as a quick workaround you could disable cookies and JavaScript in Netscape Preferences. Click Edit, Preferences and select Advanced. Uncheck Enable JavaScript and select Disable Cookies. Furthermore, make sure your User Profile is not named default. You can change the name using the Profile Manager. For more information, browse to http://news.cnet.com/news/0-1005-200-1717169.html
COPYRIGHT 1998 - 2008 All names used are Trademarks of the respective companies