Mandrake Linux Security Advisory : netscape (MDKSA-2001:038)

High Nessus Plugin ID 61911


The remote Mandrake Linux host is missing one or more security updates.


A vulnerability exists in versions of Netscape prior to 4.77 that allow a remote web server that the user is accessing to obtain information about the client using Netscape's internal 'about:' protocol. Other internal protocols can be accessed this way, such as the 'about:global' protocol which will display the browser history, or the 'about:config' protocol which will display the browser configuration. These problems are directly related to JavaScript processing embedded commands in GIF files which Netscape does not properly escape, and can be negated by disabling JavaScript in Netscape. However it is recommended that all users upgrade to version 4.77.


Update the affected packages.

Plugin Details

Severity: High

ID: 61911

File Name: mandrake_MDKSA-2001-038.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2012/09/06

Modified: 2014/05/22

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:netscape-castellano, p-cpe:/a:mandriva:linux:netscape-catalan, p-cpe:/a:mandriva:linux:netscape-common, p-cpe:/a:mandriva:linux:netscape-communicator, p-cpe:/a:mandriva:linux:netscape-euskara, p-cpe:/a:mandriva:linux:netscape-francais, p-cpe:/a:mandriva:linux:netscape-german, p-cpe:/a:mandriva:linux:netscape-japanese, p-cpe:/a:mandriva:linux:netscape-navigator, p-cpe:/a:mandriva:linux:netscape-polish, p-cpe:/a:mandriva:linux:netscape-russian, p-cpe:/a:mandriva:linux:netscape-walon, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2001/04/18

Reference Information

MDKSA: 2001:038