[linux-security] new netscape version
- To: linux-security
- Subject: [linux-security] new netscape version
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 3 May 2001 18:20:42 -0700
- User-Agent: Mutt/1.2.5i
Topic
=====
A flaw in the handling of JavaScript could give a remote site
access to the browser history, and possibly other data.
Problem Description
===================
Netscape does not escape GIF file comments in the image information page;
this allows JavaScript commands embedded therein to be executed. These
commands could access data such as the browser history.
Affected Systems
================
All versions of Netscape up to and including 4.76.
Workaround
==========
Use a different browser, e.g., Mozilla.
Solution
========
Upgrade to version 4.77.
RedHat 6.x
----------
rpm -Fvh netscape-common-4.77-0.6.2.i386.rpm \
netscape-communicator-4.77-0.6.2.i386.rpm \
netscape-navigator-4.77-0.6.2.i386.rpm
RedHat 7.x
----------
rpm -Fvh netscape-common-4.77-1.i386.rpm \
netscape-communicator-4.77-1.i386.rpm \
netscape-navigator-4.77-1.i386.rpm
Debian 2.2 (potato)
-------------------
Read the upgrade information at http://www.debian.org/security/2001/dsa-051
(Debian provides several packages that seem to provide the same product;
I cannot tell you which one you need).
Mandrake 6.x, 7.0
-----------------
Mandrake has announced that versions 6.x and 7.0 are no longer supported.
No security updates will be released for these versions.
You must upgrade to a supported version (7.1, 7.2, 8.0) now.
Mandrake 7.1
------------
rpm -Fvh netscape-common-4.77-4.2mdk.i586.rpm \
netscape-communicator-4.77-4.2mdk.i586.rpm \
netscape-navigator-4.77-4.2mdk.i586.rpm
Mandrake 7.2
------------
rpm -Fvh netscape-common-4.77-4.1mdk.i586.rpm \
netscape-communicator-4.77-4.1mdk.i586.rpm \
netscape-navigator-4.77-4.1mdk.i586.rpm
Mandrake 8.0
------------
Not affected (? - please check that you have version 4.77)