Executive Summary
| Summary | |
|---|---|
| Title | New Netscape packages available |
| Informations | |||
|---|---|---|---|
| Name | DSA-051 | First vendor Publication | 2001-04-23 |
| Vendor | Debian | Last vendor Modification | 2001-04-23 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Florian Wesch has discovered a problem (reported to bugtraq) with the way how Netscape handles comments in GIF files. The Netscape browser does not escape the GIF file comment in the image information page. This allows javascript execution in the "about:" protocol and can for example be used to upload the History (about:global) to a webserver, thus leaking private information. This problem has been fixed upstream in Netscape 4.77. Since we haven't received sourcecode for these packages they are not part of the Debian GNU/Linux distribution but are packaged up as `.deb' files for a convenient installation. We recommend that you upgrade your Netscape packages immediately and remove older versions. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get install netscape will install the new netscape packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato |
Original Source
| Url : http://www.debian.org/security/2001/dsa-051 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 051-1 (netscape) File : nvt/deb_051_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 5579 | Netscape Communicator GIF Comment Arbitrary Script Execution Netscape Communicator and Netscape Navigator contain a flaw that may allow a malicious webmaster to access data on a visiting user's computer. The issue is triggered when arbitrary Javascript code is placed in a GIF's comment field, which is treated like a normal HTML page. It is possible that the flaw may allow access to sensitive information, including the user's browser history, resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-051.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:25:24 |
|
