-----BEGIN PGP SIGNED MESSAGE----- Caldera Security Advisory SA-1997.30: Vulnerabilities in Netscape Navigator Original report date: 13-Jun-1997 (for the "Danish Privacy Bug") RPM build date: 10-Nov-1997 Advisory issue date: 15-Dec-1997 Topic: Security problems in Netscape Navigator I. Problem Description Several security bugs were found in Netscape Navigator and Communicator in June, July and August of 1997. A brief summary follows. For more information visit the Netscape security site mentioned below. The "Danish Privacy Bug" can allow malicious Web site operators to retrieve known files from the hard disks of visiting users by mimicking the submission of a form. The "Bell Labs Privacy Bug" and the "Tracker Bug" can allow a malicious Web site to learn the Web site addresses a user visits after leaving the malicious site. They can also allow the malicious site to see "cookie" and form submission information that has been exchanged between the client and server. Client disk access is not possible with these bugs. These bugs were discussed in CERT Advisory CA-97.20. II. Impact The Danish Privacy Bug affects Navigator 2.0, 3.0 and Communicator 4.0. It has been fixed since Navigator version 3.02. The Bell Labs Privacy Bug affects Navigator 2.0, 3.0 and Communicator 4.01. The Tracker Bug affects Navigator 3.0. It has been fixed since Navigator version 3.03. OpenLinux 1.1 Base provides Navigator 2.02. OpenLinux 1.1 Standard provides Navigator Gold 3.01. III. Solutions 1) Work-around: Disable JavaScript. Until you are able to install the appropriate patch, CERT recommends disabling JavaScript in your browser. Note that JavaScript and Java are two different languages, and this particular problem is only with JavaScript. Enabling or disabling Java rather than JavaScript will have no effect on this problem. JavaScript can be disabled from the following Navigator menu: "Options->Network Preferences->Languages" 2) Install Navigator 3.04: Licensed users of Netscape Navigator should obtain the updates from: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.1/current/RPMS as the files: netscape-export-3.04-1.i386.rpm or netscape-gold-export-3.04-1.i386.rpm If you are not a licensed user you can obtain a copy from the Caldera web site: http://www.caldera.com Follow the Netscape link in the left hand column of this page. The MD5 checksums (from the "md5sum" command) for these packages are: 93c18d274a37fe2e3f44ba28d0a4289b netscape-export-3.04-1.i386.rpm 0282e7d5df9e035686f75878ba4ab531 netscape-gold-export-3.04-1.i386.rpm In addition to fixing the above security problems, Navigator 3.04 fixes a bug seen when displaying Java applets in frames. Due to Caldera's relationship with Netscape, this version of Navigator was built on Caldera OpenLinux(tm) 1.1. It also includes several cosmetic customizations and is not binary equivalent to the 3.04 version on Netscape's public FTP site. IV. References / Credits An overview of these problems can be found at the Netscape Security Notes web page: http://home.netscape.com/assist/security/ The Netscape "Cookies and Privacy FAQ" is located at: http://search.netscape.com/assist/security/faqs/cookies.html Additional information can be found in any of the archives of the BUGTRAQ@NETSPACE.ORG mailing list. One archive of this email list can be found at: http://www.geek-girl.com/bugtraq/ The CERT Coordination Center is located at: http://www.cert.org CERT Advisory CA-97.20: JavaScript Vulnerability: http://www.cert.org/pub/advisories/1997/CA-97.20.javascript.html This advisory and other Caldera security resources are located at: http://www.caldera.com/tech-ref/security/ This Security Alert closes Caldera internal problem reports #826, #837, #859 and #860. V. PGP Signature This message was signed with the PGP key for security@caldera.com. This key can be obtained from: ftp://ftp.caldera.com/pub/pgp-keys/ Or on an OpenLinux CDROM under: /OpenLinux/pgp-keys/ $Id: SA-1997.30,v 1.2 1997/12/16 01:19:35 ron Exp $ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNJXXWOn+9R4958LpAQHrSAP8D32DYZxcScFbUGYDN3vtqLrMP1Pvu/+b /2wbGmWfQ76meuRzWrXTcdGdTPiZ+xgLRn/B1E1he3vVswVeY00wBgtaheigvew2 IIeVlfPi2yEVOxipPk5k1bE8Vn4Kswld7Wjh2Rx68qxWL58Cv8bWTvg0ohgs24EA kppECkvwUfk= =7tuu -----END PGP SIGNATURE-----