exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Sep 23, 1999


SHA-256 | c0b65b6a2d0cb6252bc52eff9a4585948d0617087a5483e4d48bbc29803c8fa0


Change Mirror Download

Caldera Security Advisory SA-1997.30: Vulnerabilities in Netscape Navigator

Original report date: 13-Jun-1997 (for the "Danish Privacy Bug")
RPM build date: 10-Nov-1997
Advisory issue date: 15-Dec-1997

Topic: Security problems in Netscape Navigator

I. Problem Description

Several security bugs were found in Netscape Navigator and
Communicator in June, July and August of 1997. A brief summary
follows. For more information visit the Netscape security site
mentioned below.

The "Danish Privacy Bug" can allow malicious Web site operators
to retrieve known files from the hard disks of visiting users
by mimicking the submission of a form.

The "Bell Labs Privacy Bug" and the "Tracker Bug" can allow
a malicious Web site to learn the Web site addresses a user
visits after leaving the malicious site. They can also allow the
malicious site to see "cookie" and form submission information
that has been exchanged between the client and server. Client
disk access is not possible with these bugs. These bugs were
discussed in CERT Advisory CA-97.20.

II. Impact

The Danish Privacy Bug affects Navigator 2.0, 3.0 and Communicator
4.0. It has been fixed since Navigator version 3.02.

The Bell Labs Privacy Bug affects Navigator 2.0, 3.0 and
Communicator 4.01. The Tracker Bug affects Navigator 3.0.
It has been fixed since Navigator version 3.03.

OpenLinux 1.1 Base provides Navigator 2.02.
OpenLinux 1.1 Standard provides Navigator Gold 3.01.

III. Solutions

1) Work-around:

Disable JavaScript. Until you are able to install the appropriate
patch, CERT recommends disabling JavaScript in your browser. Note
that JavaScript and Java are two different languages, and this
particular problem is only with JavaScript. Enabling or disabling
Java rather than JavaScript will have no effect on this problem.

JavaScript can be disabled from the following Navigator menu:

"Options->Network Preferences->Languages"

2) Install Navigator 3.04:

Licensed users of Netscape Navigator should obtain the updates from:


as the files:



If you are not a licensed user you can obtain a copy from the Caldera
web site:


Follow the Netscape link in the left hand column of this page.

The MD5 checksums (from the "md5sum" command) for these packages are:

93c18d274a37fe2e3f44ba28d0a4289b netscape-export-3.04-1.i386.rpm
0282e7d5df9e035686f75878ba4ab531 netscape-gold-export-3.04-1.i386.rpm

In addition to fixing the above security problems, Navigator 3.04
fixes a bug seen when displaying Java applets in frames. Due to
Caldera's relationship with Netscape, this version of Navigator
was built on Caldera OpenLinux(tm) 1.1. It also includes several
cosmetic customizations and is not binary equivalent to the 3.04
version on Netscape's public FTP site.

IV. References / Credits

An overview of these problems can be found at the Netscape
Security Notes web page:


The Netscape "Cookies and Privacy FAQ" is located at:


Additional information can be found in any of the archives of
the BUGTRAQ@NETSPACE.ORG mailing list. One archive of this
email list can be found at:


The CERT Coordination Center is located at:


CERT Advisory CA-97.20: JavaScript Vulnerability:


This advisory and other Caldera security resources are located at:


This Security Alert closes Caldera internal problem reports
#826, #837, #859 and #860.

V. PGP Signature

This message was signed with the PGP key for security@caldera.com.

This key can be obtained from:

Or on an OpenLinux CDROM under:

$Id: SA-1997.30,v 1.2 1997/12/16 01:19:35 ron Exp $

Version: 2.6.2

Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By