Netscape Browser < 9.0.0.4 Multiple Vulnerabilities

This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The installed version of Netscape is affected by various security
issues :

- Three bugs that can result in crashes with traces
of memory corruption

- A cross-site scripting vulnerability involving
support for the 'jar:' URI scheme

- A timing issue when setting the 'window.location'
property that could be leveraged to conduct
cross-site request forgery attacks.

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2007-37/
https://www.mozilla.org/en-US/security/advisories/mfsa2007-38/
https://www.mozilla.org/en-US/security/advisories/mfsa2007-39/
http://www.nessus.org/u?b8800503
http://www.nessus.org/u?8cae066a

Solution :

The Netscape Browser / Navigator has been discontinued. While these
issues were reportedly fixed in 9.0.0.4, it is strongly recommended
that you switch to the latest version of another browser, such as
Mozilla Firefox, which the Netscape Team recommends.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 28377 ()

Bugtraq ID: 26385
26589
26593

CVE ID: CVE-2007-5947
CVE-2007-5959
CVE-2007-5960

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now