cuppettcj wrote:1) On the Netscape Browser Archive on this site, it is mentioned: "SillyDog701's note: if you are using Windows 98, please download Netscape 7.02 instead." What about Windows 95? Millenium Editon? Is there a difference if you have 98 Second Edition (called Windows 99 by some)?
All Windows OS are affected, with Windows 98 being the most.
2) Has anyone been able to confirm that this problem absolutely does not exist on Windows NT, 2000, or XP?
No, it does exist on NT, W2K, and XP, but just takes longer to show up.
3) What about the workaround? [user_pref("browser.cache.memory.capacity", 1024);] Does this or does this not solve the problem? If not, why is it recommended?
Yes, it does solve the problem.
4) Is there any benefit whatsoever to applying the workaround if you have Windows XP?
The reason that I'm asking these questions now is because I want to reformat my hard drive and put Netscape back on. I have been waiting for over a week for Netscape to release version 7.2 so that I don't have to use 7.1, but T_Moz has subtly suggested that it will probably be delayed until at least the end of the month. Since he already has 7.2, I assume his "speculation" is based upon knowledge that isn't available to most of us. Therefore I've decided not to wait any longer. I will put version 7.1 on my triple boot system that includes Windows Me, Windows XP Pro, and Red Hat Fedora Core Linux. When version 7.2 eventually does come out, I'll just uninstall 7.1 before installing 7.2 (at least on Windows Me/XP, I'm new to Linux and will have to figure out what to do for that OS).
More information on the Resource Leak here: Resource Leak in Netscape 7.1
Also apply the Shell Protocol Security Patch, if you run W2K, or WinXP which is found here: ShellBlock 1.0
Any user who is running Windows XP, and possibly W2K, should either apply Mozilla's shellblock.xpi security patch, or upgrade to Mozilla 1.7.1, Firefox 0.9.2, and Thunderbird 0.7.1. See Mozilla 1.7.1 Released
for the links to the downloads. Netscape 7.1 and previous versions are also affected, however the patch has been confirmed to work only for Netscape 7.1, and 7.02.
Ensure that you have Software Installation enabled. That is done here:
Edit | Preferences | Advanced | Software Installation
Once the patch is installed, close the browser, then restart, in order for the patch to take effect.
Windows 98 users are not affected by the vulnerability. See these comments which I found in the Netscape 7.1 Newsgroup:
The pref user_pref ("network.protocol-handler.external.shell", false) doesn't appear in 7.1 either, the user has to add it with a value of "false". Netscape 7.2 already has it fixed in the distro. And from what we've see so far the exploit does not affect Win98, just XP and possibly Win2K
Jay Garcia Netscape Champion - Mozilla Champion
From the cases I've read, shellblock.xpi works on 7.1, but not on 7.0x.
It works. In Netscape 7.1, shell links will still appear as links, but clicking on them will do nothing.
Also, make sure you restart Netscape after installing shellblock.xpi.
Chris Ilias - Mozilla Champion
If you are able to access the Newsgroup, this is the thread:
UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.1) Gecko/20040707