Detections
Analytics

Debian DSA-051-1 : netscape - unexpected javascript execution

high Nessus Plugin ID 14888

Synopsis

The remote Debian host is missing a security-related update.

Description

Florian Wesch has discovered a problem (reported to bugtraq) with the way how Netscape handles comments in GIF files. The Netscape browser does not escape the GIF file comment in the image information page.
 This allows JavaScript execution in the 'about:' protocol and can for example be used to upload the History (about:global) to a webserver, thus leaking private information. This problem has been fixed upstream in Netscape 4.77.

Since we haven't received source code for these packages, they are not part of the Debian GNU/Linux distribution, but are packaged up as `.deb' files for a convenient installation.

Solution

Upgrade the Netscape packages immediately and remove older versions.

See Also

http://www.debian.org/security/2001/dsa-051

Plugin Details

Severity: High

ID: 14888

File Name: debian_DSA-051.nasl

Version: 1.19

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:netscape, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 4/23/2001

Vulnerability Publication Date: 4/9/2001

Reference Information

CVE: CVE-2001-0596

DSA: 051