Homework
Netscape 6 security vulnerabilities
Author no. 1
ITK 100xxxxx

1. Mozilla / Netscape 6 XMLHttpRequest File Disclosure Vulnerability

An issue exists in the handling of HTTP redirects in the XMLHttpRequest object used by Mozilla and Netscape 6. The XMLHttpRequest object allows a client machine to obtain an XML document through an HTTP request. If the server response to this request is a redirect to a local file, script security measures are bypassed and the file is accessed. This could lead to disclosure of sensitive information to remote attackers.

This vulnerability may also be used to list files in folders, potentially allowing all files that the user of the browser has access to to be listed.

It has been reported that this issue also exists with the load method applied to XML documents created with the createDocument method of the DOMImplementation interface.

Some updates have been released for both Nautilus and Galeon, which share source code with the Mozilla project. The vulnerability of these products has not, however, been independently confirmed.

2. Netscape 6 Temp File Symbolic Link Vulnerability

Netscape 6 is a freely available web browser distributed by Netscape Communications. Netscape 6 creates insecure temporary files when installed on Solaris systems. During installation, the program creates files in the /tmp directory using the admin prefix and the process ID as the file extension. A local user who knows that an administrator is installing the package could create a range of symbolic links and potentially cause Netscape to overwrite sensitive system files, resulting in a denial of service. It is unknown whether this affects other UNIX systems.

3. Mozilla/Netscape remotely exploitable heap overflow

Software:
Mozilla 1.0
Mozilla 1.1
Mozilla 1.3
Mozilla 1.4
Netscape 6.x
Netscape 7.x
Opera 6.x
Opera 7.x

Description:
Mozilla and derived browsers like Netscape suffer from a heap overflow in the JAR handler. By constructing a malformed .jar file, it is possible to cause a heap overflow. When invalid values are provided, a buffer that is too small is created, so the excess data overflows it. This has been proved exploitable.

4. Mozilla, Opera and Netscape Security Model Violation

Software:
Mozilla 1.0
Mozilla 1.1
Mozilla 1.3
Mozilla 1.4
Netscape 6.x
Netscape 7.x
Opera 6.x
Opera 7.x

Description:
An older vulnerability has apparently resurfaced in Mozilla, Opera and Netscape, which allows malicious websites to execute arbitrary JavaScript and possibly Java in the context of other sites. The problem is that it is possible to create a JavaScript function which will open a different website and execute code in that site's security context.

5. Reading local files in Netscape 6 and Mozilla

By directing the "open" method to a web page that redirects to a local/remote file, it is possible to fool Mozilla into thinking it is still in the allowed zone, which allows the file to be read.

WWW
http://www.secunia.com/
http://www.computercops.biz/article415.html
http://www.securityfocus.com
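
As an added illustration of item 2 (this is not code from the Netscape installer or from the advisories listed above), the C example below contrasts a predictable /tmp/admin.<pid>-style file opened without O_EXCL with creation through mkstemp(). The function names, the private scratch directory, the file called "important" and the "." separator in the predictable name are assumptions made for the example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* "Before" case from item 2: the name is predictable and open() lacks
 * O_EXCL, so an entry that already exists at that path (a symbolic link
 * included) is followed and whatever it points to is truncated. */
int open_predictable(const char *dir, long pid, char *path, size_t n)
{
    snprintf(path, n, "%s/admin.%ld", dir, pid);
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened case: mkstemp() chooses an unpredictable suffix and creates the
 * file with O_CREAT|O_EXCL, so it never reuses or follows an existing entry. */
int open_hardened(const char *dir, char *path, size_t n)
{
    snprintf(path, n, "%s/admin.XXXXXX", dir);
    return mkstemp(path);
}

/* Constructed scenario inside a private scratch directory: "important"
 * stands in for a system file and a symbolic link to it already sits at the
 * predictable name. Returns the size of "important" after the chosen open:
 * 0 means it was clobbered, 4 means it is intact, -1 means setup failed. */
long target_size_after(int hardened)
{
    char dir[] = "/tmp/symlink-demo.XXXXXX";
    char target[128], lnk[128], path[128];
    struct stat st;
    long pid = (long)getpid();
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(lnk, sizeof lnk, "%s/admin.%ld", dir, pid);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("data", f);
    fclose(f);
    if (symlink(target, lnk) != 0) return -1;
    int fd = hardened ? open_hardened(dir, path, sizeof path)
                      : open_predictable(dir, pid, path, sizeof path);
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(path); unlink(lnk); unlink(target); rmdir(dir);  /* clean up */
    return size;
}
```

Where a fixed file name cannot be avoided, opening it with O_CREAT | O_EXCL makes open() fail on any existing entry instead of writing through it.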