
SA-1997.30.txt
Posted Sep 23, 1999

SHA-256 | c0b65b6a2d0cb6252bc52eff9a4585948d0617087a5483e4d48bbc29803c8fa0

-----BEGIN PGP SIGNED MESSAGE-----

Caldera Security Advisory SA-1997.30: Vulnerabilities in Netscape Navigator

Original report date: 13-Jun-1997 (for the "Danish Privacy Bug")
RPM build date: 10-Nov-1997
Advisory issue date: 15-Dec-1997

Topic: Security problems in Netscape Navigator

I. Problem Description

Several security bugs were found in Netscape Navigator and
Communicator in June, July and August of 1997. A brief summary
follows. For more information visit the Netscape security site
mentioned below.

The "Danish Privacy Bug" can allow malicious Web site operators
to retrieve known files from the hard disks of visiting users
by mimicking the submission of a form.

The "Bell Labs Privacy Bug" and the "Tracker Bug" can allow
a malicious Web site to learn the Web site addresses a user
visits after leaving the malicious site. They can also allow the
malicious site to see "cookie" and form submission information
that has been exchanged between the client and server. Client
disk access is not possible with these bugs. These bugs were
discussed in CERT Advisory CA-97.20.


II. Impact

The Danish Privacy Bug affects Navigator 2.0, 3.0 and Communicator
4.0. It has been fixed since Navigator version 3.02.

The Bell Labs Privacy Bug affects Navigator 2.0, 3.0 and
Communicator 4.01. The Tracker Bug affects Navigator 3.0.
It has been fixed since Navigator version 3.03.

OpenLinux 1.1 Base provides Navigator 2.02.
OpenLinux 1.1 Standard provides Navigator Gold 3.01.


III. Solutions

1) Work-around:

Disable JavaScript. Until you are able to install the appropriate
patch, CERT recommends disabling JavaScript in your browser. Note
that JavaScript and Java are two different languages, and this
particular problem is only with JavaScript. Enabling or disabling
Java rather than JavaScript will have no effect on this problem.

JavaScript can be disabled from the following Navigator menu:

"Options->Network Preferences->Languages"

2) Install Navigator 3.04:

Licensed users of Netscape Navigator should obtain the updates from:

ftp://ftp.caldera.com/pub/OpenLinux/updates/1.1/current/RPMS

as the files:

netscape-export-3.04-1.i386.rpm

or

netscape-gold-export-3.04-1.i386.rpm

If you are not a licensed user you can obtain a copy from the Caldera
web site:

http://www.caldera.com

Follow the Netscape link in the left hand column of this page.

The MD5 checksums (from the "md5sum" command) for these packages are:

93c18d274a37fe2e3f44ba28d0a4289b netscape-export-3.04-1.i386.rpm
0282e7d5df9e035686f75878ba4ab531 netscape-gold-export-3.04-1.i386.rpm
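
One way to check downloaded packages against the checksum list above, as an added example that is not part of the Caldera advisory. The function names are hypothetical; the two manifest lines are the ones printed in the advisory. The check is only as trustworthy as the list itself, so verify the advisory's PGP signature before relying on it.

```shell
# Added example: verify files in a directory against an md5sum-style list.

# The checksum lines exactly as printed in advisory SA-1997.30.
advisory_manifest() {
    cat <<'EOF'
93c18d274a37fe2e3f44ba28d0a4289b netscape-export-3.04-1.i386.rpm
0282e7d5df9e035686f75878ba4ab531 netscape-gold-export-3.04-1.i386.rpm
EOF
}

# verify_md5_manifest DIR   (manifest is read from stdin)
# Prints one status line per entry and returns 0 only when every listed
# file is present and matches. Malformed entries, missing files and an
# empty manifest all count as failure (fail closed).
verify_md5_manifest() {
    dir=$1
    rc=0
    seen=0
    while read -r want name; do
        [ -n "$want" ] || continue            # skip blank lines
        seen=$((seen + 1))
        name=${name#\*}                       # md5sum binary-mode marker
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        # Accept only 32 hex digits and a bare file name (no path parts).
        case $want in *[!0-9a-f]*) want= ;; esac
        case $name in */*) name= ;; esac
        if [ "${#want}" -ne 32 ] || [ -z "$name" ]; then
            echo "BAD-ENTRY line $seen"; rc=1; continue
        fi
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; rc=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done
    [ "$seen" -gt 0 ] || rc=1                 # nothing listed, nothing verified
    return $rc
}

# Usage: advisory_manifest | verify_md5_manifest /path/to/downloaded/RPMS
```

Only one of the two packages is normally downloaded, so a MISSING line for the other is expected; pass a manifest containing just the relevant line to get a clean exit status.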

In addition to fixing the above security problems, Navigator 3.04
fixes a bug seen when displaying Java applets in frames. Due to
Caldera's relationship with Netscape, this version of Navigator
was built on Caldera OpenLinux(tm) 1.1. It also includes several
cosmetic customizations and is not binary equivalent to the 3.04
version on Netscape's public FTP site.


IV. References / Credits

An overview of these problems can be found at the Netscape
Security Notes web page:

http://home.netscape.com/assist/security/

The Netscape "Cookies and Privacy FAQ" is located at:

http://search.netscape.com/assist/security/faqs/cookies.html

Additional information can be found in any of the archives of
the BUGTRAQ@NETSPACE.ORG mailing list. One archive of this
email list can be found at:

http://www.geek-girl.com/bugtraq/

The CERT Coordination Center is located at:

http://www.cert.org

CERT Advisory CA-97.20: JavaScript Vulnerability:

http://www.cert.org/pub/advisories/1997/CA-97.20.javascript.html

This advisory and other Caldera security resources are located at:

http://www.caldera.com/tech-ref/security/

This Security Alert closes Caldera internal problem reports
#826, #837, #859 and #860.


V. PGP Signature

This message was signed with the PGP key for security@caldera.com.

This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/

Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/

$Id: SA-1997.30,v 1.2 1997/12/16 01:19:35 ron Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNJXXWOn+9R4958LpAQHrSAP8D32DYZxcScFbUGYDN3vtqLrMP1Pvu/+b
/2wbGmWfQ76meuRzWrXTcdGdTPiZ+xgLRn/B1E1he3vVswVeY00wBgtaheigvew2
IIeVlfPi2yEVOxipPk5k1bE8Vn4Kswld7Wjh2Rx68qxWL58Cv8bWTvg0ohgs24EA
kppECkvwUfk=
=7tuu
-----END PGP SIGNATURE-----