Netscape version 9.0.0.6 suffers from a cross domain vulnerability.
75a7371ed98654afe562b947d7302bb8bd52503612106d59670dc3a29e5e3003
Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities has been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface. When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.
e54255ca79425edaf6f80ec86b150446915000646da9fc75bb873211676e0a94
Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.
501fee417fe6ba2b16a422f5cde669441ffad8611bba304f314fbdf49e7846e3
Red Hat Security Advisory 2012-1090-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.
39c19044934dc07eaf2ccda4a7067b0b643c2cc6a9cc89a40b7f6f5157c495f1
Red Hat Security Advisory 2012-1091-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.
d72857c706afe58af56ef92496d0bf05c85429eac1b79962ede93b64b9d8c56a
Red Hat Security Advisory 2012-0973-04 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. This update renders the subordinate CA certificate as untrusted. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.
bd86edb0d7d1e0e9eb08ff6f70f96509f32f3170947d1f455892784f3cc8b4f1
This report gives general recommendations as to how to configure SSL/TLS in order to provide state of the art authentication and encryption. The options offered by SSL engines grew from the early days since Netscape developed SSL2.0. The introduction of TLS made matters more challenging as servers and clients offer different sets of available options depending on which SSL engine (OpenSSL, NSS, SCHANNEL, etc.) they use. Finding the middle ground has proven difficult especially as the supported protocols and cipher suites are mostly not documented. To make matters more complicated Browsers may not use all functionality offered by the SSL stack, this report will only list functionality used by current Browsers. This report provides an overview of the currently available TLS options across Servers and Clients and allows you to offer support for a wide variety of Browsers an offer "good enough" security.
afe6f4a0ab4ce26e52bdcf64e8ae768dd81416309332ac0a348749bb8aaf5074
Red Hat Security Advisory 2011-1282-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing.
a884a607ae27878afcfbd52fadabd7a11a89958104794a34bd7e1ee987079abe
Zero Day Initiative Advisory 11-181 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
bc91adce1bd45fa15577bc229f615332822f74d37c5345e8507b31a5ec371be4
Zero Day Initiative Advisory 11-180 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
76c8aac3aaa1dd56609ce784b9bfa3b944af2b8b4f7a710acf917d2d9e1b9047
Zero Day Initiative Advisory 11-179 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the iprint-client-config-info parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
279b78ac788ad0454a5133cf6744fcf7bb29e7c71aca991801aa631596d22d61
Zero Day Initiative Advisory 11-178 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the client-file-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
19164593dc3e90806077d1518c8540b9e8f300b001a3af65d3fb1277e4e7be52
Zero Day Initiative Advisory 11-177 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the core-package parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
ac1efaf5779eeb72f56f7491fcc3d526815a0390b13d4749ed832449cf22ee2c
Zero Day Initiative Advisory 11-176 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the driver-version parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
d45f7d6368fec8e56ca1c84b3746499b68d60c04754388900ad430e4dcc0ed50
Zero Day Initiative Advisory 11-175 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the file-date-time parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
b6cb5abb6a7836d36ebdacb59edab2ec56ed12b7a1c4cda0594cd08b3de61de9
Zero Day Initiative Advisory 11-174 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the profile-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
391d941cb7c01a87b45b4ed3b8241392cada1729c9da357c02e067eb7810fc4f
Zero Day Initiative Advisory 11-173 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the profile-time parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
dcf111bdf57ff890992aa66a9d218515a80d32d588c6a618e43708c8cc8b43f8
Zero Day Initiative Advisory 11-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the uri parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
631493c59c0625b36a02bbc87da0aeaa288888ee2c3ef992acee4d4a997a7383
Zero Day Initiative Advisory 10-295 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the both the Netscape (Firefox) and ActiveX (Internet Explorer) plugin components npnipp.dll and ienipp.ocx which are installed by default with the iPrint client. When handling the printer-state-reasons operation provided via the embed tag the module makes a request to the specified printer-url and performs insufficient validation of the size of the printer-state-reasons status response. The process then copies this user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
1a444b90128533e815e8cfb508e60327b810b7bd2bb1a698ab98b745fc9317a3
Mandriva Linux Security Advisory 2010-248 - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
0fb80493b5de14184b37107e51a4ef79834ed23a3a5deaf0133ebe29ebebf177
Netscape Browser version 9.0.0.6 clickjacking proof of concept exploit.
a97b5d162bdb289c3c56bd5328ad7a284f98b1b0906436a6922b33423cd0e1b1
VMware Security Advisory - Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR.
750bfc5b2e28a67af487861fbcc96e099b1881a6cbe999078d4626cf32cfde37
Debian Linux Security Advisory 1931-1 - Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code.
1dd5caa885d4b33e9a984b9d27896dae4095bbfbe03a2292c41fb3e3e161e3ec
ECMAScript in IE5, IE6, IE7, IE8, Netscape, Firefox, Safari, Opera, Konqueror, Seamonkey, Wii, PS3, iPhone, iPod, Nokia, Siemens and various other browsers allows for a denial of service condition.
0565fa347a433f911f7bc37200f43fcc3f38e665338086d0cdaaf81a0163b693
Secunia Security Advisory - Gentoo has issued an update for netscape-flash. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and potentially gain escalated privileges, and by malicious people to bypass certain security restrictions, manipulate certain data, conduct cross-site scripting attacks, disclose sensitive information, and potentially compromise a user's system.
712c0bc89df13411a97d60efe51d28c59f0dc4b11ad17af0abc39ebdc49bc304
SEC Consult Security Advisory 20081016-0 - Instant Expert Analysis uses a signed Java applet for Firefox or Netscape browsers and a signed ActiveX plugin for Internet Explorer. Both applets allow an attacker to download and execute arbitrary applications when the user visits an infected website.
4389e14bdabddae18e2fd1658419cc963957c03ba043729d6ea732a805c3413c