The associated vulnerabilities in Mozilla Suite are described in SA14992.
Release Date: 2005-04-18 Last Update: 2005-04-20
4) An error, where the action URL of a search plugin is not verified before being used to perform a search, can be exploited to execute arbitrary script code in a user's browser session in context of the current web site, but requires that the user is tricked into installing a search plugin with a specially crafted "javascript:" URI.
Successful exploitation may allow execution of arbitrary code, if a search is performed when the current web site runs with escalated privileges (e.g. "about:plugins" and "about:config").
5) Some input validation errors when handling parameters of invalid types passed to certain "InstallTrigger" and "XPInstall" related objects via JavaScript may be exploited to execute arbitrary code.
Solution: Update to version 1.7.7.
Similar Firefox vulnerabilities are described in SA14938. Solution: Update to version 1.0.3.
Unfortunately, Netscape 7.x remains vulnerable to these and earlier-reported vulnerabilities, with the only "solutions" suggested being various workarounds such as disabling JavaScript and avoiding certain actions.
From the discussion at http://sillydog.org/forum/viewtopic.php?t=8768
Secunia: Multiple Security Vulnerabilities
On 18 Apr, 2005 1:03 pm akbash wrote:
Can I just take the opportunity to repeat my litany that none of these vulnerabilities are fixed in any released Netscape browser? Every individual advisory I could find in the Secunia report linked to a Mozilla advisory that claimed the vulnerability had been fixed only in the very latest Mozilla releases. As we all know for the last couple of years Netscape has been simply a corporate branded version of Mozilla plus a few add-ons. I've called AOL's update record for Netscape negligent before and I stand by that.
Again you're probably safe enough browsing with Netscape browsers today because they're an unpopular target. I think that will change as Mozilla browsers become more widely used, and because some of these recently uncovered vulnerabilities are very nasty. If I were a malware author, I'd be tantalized by this latest list. It's time to switch to Mozilla. (Or, I suppose, some other browser. I like Firefox, myself.)
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414
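
Item 4 above concerns a search plugin whose action URL is used without being verified. The following is an added example, not part of the original post or of Mozilla's code: a scheme allow-list check for such an action URL. The plugin text format and the names `extractAction`, `verifyActionUrl` and `checkPlugin` are assumptions made for illustration.

```javascript
// Added example: allow-list check for a search plugin's action URL.
// The plugin text format used here is a simplified, constructed stand-in.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Pull the action="..." attribute out of a plugin definition (hypothetical format).
function extractAction(pluginText) {
  const m = /\baction\s*=\s*"([^"]*)"/i.exec(pluginText);
  return m ? m[1] : null;
}

// Return {ok, reason}; ok is true only for absolute http(s) URLs.
function verifyActionUrl(action) {
  if (action === null) return { ok: false, reason: "no action attribute" };
  let url;
  try {
    // The WHATWG URL parser trims surrounding whitespace, strips tabs and
    // newlines, and lower-cases the scheme, so " Java\tScript:" is still
    // recognised as "javascript:" and cannot slip past the comparison.
    url = new URL(action);
  } catch (e) {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: "scheme " + url.protocol + " not allowed" };
  }
  return { ok: true, reason: "scheme " + url.protocol };
}

// Verify the action URL at install time, before it is ever used for a search.
function checkPlugin(pluginText) {
  return verifyActionUrl(extractAction(pluginText));
}

// Constructed sample plugin definitions.
const samples = {
  good: '<search name="Example" method="GET" action="https://search.example/find">',
  script: '<search name="Example" method="GET" action="javascript:void(0)">',
  obfuscated: '<search name="Example" method="GET" action=" Java\tScript:void(0)">',
  relative: '<search name="Example" method="GET" action="/find">',
  data: '<search name="Example" action="data:text/html,x">',
};

for (const [name, text] of Object.entries(samples)) {
  const r = checkPlugin(text);
  console.log(name.padEnd(10), r.ok ? "ACCEPT" : "REJECT", "-", r.reason);
}
```

Comparing the parsed scheme against an allow-list, rather than searching the raw string for "javascript:", is what makes the whitespace and mixed-case variants fail as well.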