Secunia Logo
Netsikker nu! 2008
 
Netscape Three Vulnerabilities
Secunia Advisory: SA14206
Release Date: 2005-02-09
Last Update: 2005-05-20
Popularity: 11,512 views

Critical:
Less critical
Impact: Security Bypass
Cross Site Scripting
Manipulation of data
Where: From remote
Solution Status: Vendor Patch

Software:Netscape 7.x

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2005-0230
CVE-2005-0231
CVE-2005-0232


Description:
mikx has discovered three vulnerabilities in Netscape, which can be exploited by malicious people to plant malware on a user's system, conduct cross-site scripting attacks and bypass certain security restrictions.

1) Netscape validates an image against the "Content-Type" HTTP header, but uses the file extension from the URL when saving an image after a drag and drop event. This can e.g. be exploited to plant a valid image with an arbitrary file extension and embedded script code (e.g. .bat file) on the desktop by tricking a user into performing a certain drag and drop event.

2) Missing URI handler validation when dragging a "javascript:" URL to another tab can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site by tricking a user into dragging a malicious link to another tab.

3) An error in the restriction of URI handlers loaded via plugins can be exploited to link to certain restricted URIs (e.g. about:config).

This can further be exploited to trick a user into changing some sensitive configuration settings.

The vulnerabilities have been confirmed in version 7.2. Other versions may also be affected.

Solution:
Update to version 8.0.1.
http://browser.netscape.com/ns8/download/default.jsp

Provided and/or discovered by:
Originally discovered by:
mikx

Reported in Netscape by:
Juha-Matti Laurio

Changelog:
2005-05-20: New version released. Updated "Solution" section.

Original Advisory:
1) http://www.mikx.de/index.php?p=8
2) http://www.mikx.de/index.php?p=9
3) http://www.mikx.de/index.php?p=10


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 6
New vulnerabilities: 14
Updated advisories: 10

Less // 133 views
Debian update for openldap
Moderately // 115 views
Debian update for ruby1.9
Moderately // 120 views
Debian update for ruby1.8

10th Oct, 2008
New advisories: 15
New vulnerabilities: 83
Updated advisories: 39

Moderately // 833 views
Red Hat update for cups

Solutions | More...  


Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Apache Tomcat "RemoteFilterValve" Security Bypass Security Issue // 142 views
2. Debian update for openldap // 117 views
3. Debian update for ruby1.8 // 108 views
4. Debian update for ruby1.9 // 104 views
5. GuildFTPd "LIST" Processing Buffer Overflow Vulnerability // 81 views
6. Sun Java System Web Proxy Server FTP Subsystem Buffer Overflow // 44 views
7. CUPS Multiple Vulnerabilities // 42 views
8. Apple Mac OS X Security Update Fixes Multiple Vulnerabilities // 36 views
9. FUJITSU Interstage Products Apache Tomcat Security Bypass // 27 views
10. Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities // 26 views