SillyDog701 Message Centre

[Antony]

According to Secunia, an old vulnerability was discovered in many modern browsers, allowing malicious people to spoof the content of websites. The affected browsers include Safari, Konqueror, Opera, MSIE, and all Mozilla (Gecko-based) browsers.

[DJGM]

I've just tested that vuln using the instructions in Secunia's advisory. The browser I'm using at the
moment (Mozilla 1.7 on SUSE Linux) does not appear to be affected. No content from Secunia
appeared in any frames on the MSDN website that opened in the second browser window.

EDIT 1:
Having now just tested this in Netscape 7.1, the vuln is apparent in this browser.

EDIT 2:
Konqueror 3.2 on Linux also appears to be vulnerable to this bug.

EDIT 3:
Mozilla Firefox 0.9.1 is not affected.

UserAgent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040618

---

Mozilla = Swiss Army Knife: It's versatile, reliable, and contains useful tools.
Microsoft Internet Explorer = Old Swiss Cheese: Full of holes, and it stinks!

[Edward]

Opera 7.51 for Linux is affected by this.

UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i586) Opera 7.51 [en]

---

SillyDog701 Moderator
User of SeaMonkey under Mandriva Linux.

[Antony]

[DJGM]

[marcoos]

Browsers based on Gecko 1.7 (for all operating systems), such as Mozilla suite 1.7 and Firefox 0.9.1 are immune to this attack (Secunia's report says this, too).

UserAgent: Mozilla/5.0 (X11; U; Linux i686; pl-PL; rv:1.7) Gecko/20040626 Firefox/0.9.1

---

http://www.firefox.pl/ | http://www.thunderbird.pl/

[Mandrake]

It's good to see that Mozilla and Firefox are not effected by this latest flaw. This is certainly a good reason to upgrade to FireFox 0.9.1 or Mozilla 1.7.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616

---

Antec 900 Case | Core 2 Duo E8200 | Gigabyte X48-DS4 | 4GB G-Skill/Kingston DDR2-800 | HIS Radeon 4870 Xfire | Zalman 850W PSU | Auzen X-Fi Prelude | Logitech Z-2300 Speakers | Sony 1080P 40" HDTV | MS Natural MultiMedia Keyboard | MS Habu Gaming Mouse

[Wellander]

Hi,
How about Netscape 4.x and lower?

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a1) Gecko/20040520

[Wellander]

Hi,
I can not find it in 1.7 and 1.8a1.
I think that these browsers are safe.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a1) Gecko/20040520

[Edward]

Also affects Konqueror 3.2.1 under Linux.

UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i586) Opera 7.51 [en]

---

SillyDog701 Moderator
User of SeaMonkey under Mandriva Linux.

[Phoenix21692]

I just tested the bug on Netscape Communicator 4.8 and it doesn't appear to be vulnerable. And yes, it doesn't affect Mozilla 1.7 either. Also, I tested the bug on the Release Candiates 1, 2, and 3 of Mozilla 1.7 and these were affected by the bug. Not only that, the flaw also affects Mozilla 1.3.1 and 1.4.2. I'm sure it would affect many of the older builds. So, that means most of the Mozilla builds, up to version 1.7 RC 3 are vulnerable.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616

[DJGM]

[Don_HH2K]

Great.. Any suggestions on what to do with my old PCs running NS6.1? K-Meleon appears to also be vulnerable, Mozilla won't work in versions above 0.9.4, and Firefox is just as slow for me as 0.9.5+ is...

If NS7.2 isn't released soon, I'll probably switch to Mozilla and possibly stay there. In that case, I hope I'll find a way to get AIM to integrate into Moz1.7..

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

[akbash]

Of all the security and crash fixes made since Netscape 6, this is a relatively minor one.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a2) Gecko/20040704 Firefox/0.8.0+

[Fulvio]