Problem with Netscape Navigator Core Dumps ****************************************** When Netscape Navigator for unix dumps core, at least the following are readily extractable from the core dump: * the complete contents of the user's bookmarks file * the URL of every site visited in the session * the text of every site visited in the session * the complete contents of the user's unix environment * plaintext of ANY USERNAME/PASSWORD PAIR USED DURING THE SESSION, and the urls to which they belong * the contents of ANY FORM SUBMITTED during the session This stuff is trivially accessible using the "strings" utility or a binary editor. I first noticed this while idly poking at a core left by Netscape when it crashed during normal use. When I started testing, I caused dumps by sending SIGILL. Versions tested (and vulnerable): 3.04 - Solaris, linux 4.04 - Solaris, linux 4.05 - Solaris 4.08 - Solaris, linux Versions on which I could NOT reproduce this (which doesn't mean that problem isn't there, just that I couldn't make it happen): 4.5 - Solaris Other info: * The cores are dumped into Netscape's cwd, which is usually a user's home directory. * When the cores are dumped, they are dumped with permissions set according to the user's umask. So, if permissions on the user's directory and the user's umask are 700 and 077 respectively, the core file will not be readable by other, non-root users. That being the case, it's probably easier to obtain username/password pairs by ethernet sniffing, however, that's no reason for Netscape to ignore the problem, and many users (including admins) are not so careful about their permissions... * Netscape was notified of the existence of this probem approximately two weeks ago, and I've had no response of any kind. by echo8, 3/4/1999