Home > Security > Advisories

Advisories

Mandriva Advisories

Package name netscape
Date April 18th, 2001
Advisory ID MDKSA-2001:038
Affected versions 7.1, 7.2, CS1.0
Synopsis Updated netscape packages fix improper GIF parsing

Problem Description

A vulnerability exists in versions of Netscape prior to 4.77 that allow
a remote web server that the user is accessing to obtain information
about the client using Netscape's internal "about:" protocol. Other
internal protocols can be accessed this way, such as the "about:global"
protocol which will display the browser history, or the "about:config"
protocol which will display the browser configuration. These problems
are directly related to javascript processing embedded commands in GIF
files which Netscape does not properly escape, and can be negated by
disabling javascript in Netscape. However it is recommended that all
users upgrade to version 4.77.

Updated Packages

Mandrakelinux 7.1

 37cc3b34b485abf569bc22bcafa23b1c  7.1/RPMS/netscape-castellano-4.77-1.1mdk.noarch.rpm
699466c5f387a3e410366ea6d629fbb3  7.1/RPMS/netscape-catalan-4.77-1.1mdk.noarch.rpm
da78ad97b1a5fc7c726e6eb4a764f392  7.1/RPMS/netscape-common-4.77-4.2mdk.i586.rpm
47573536b59c3b057d3cf26b0368e3ba  7.1/RPMS/netscape-communicator-4.77-4.2mdk.i586.rpm
c3922fd9230dccaa310bfafe10b365c4  7.1/RPMS/netscape-euskara-4.77-1.1mdk.noarch.rpm
d9b5472bafcb2c0633776e591cfc8fd2  7.1/RPMS/netscape-francais-4.77-1.1mdk.noarch.rpm
967cf4eadcde5d4644c8bca3a846b52c  7.1/RPMS/netscape-navigator-4.77-4.2mdk.i586.rpm
6e70a5c2293ed14d1e5c5ef2cbf2c295  7.1/RPMS/netscape-russian-4.77-1.1mdk.noarch.rpm
1072e0cd863f8e8121278f054ba06979  7.1/RPMS/netscape-walon-4.77-1.1mdk.noarch.rpm
df3d4cc7f3075d5e3e8459f472c3ff58  7.1/SRPMS/netscape-4.77-4.2mdk.src.rpm
fe84557addcc56a217cb2650713f6cf6  7.1/SRPMS/netscape-castellano-4.77-1.1mdk.src.rpm
d3f5f0e11089c3c6cb42b6af68bf01bf  7.1/SRPMS/netscape-catalan-4.77-1.1mdk.src.rpm
64e4a2df5c9e67d5d5f731b488a4fd99  7.1/SRPMS/netscape-euskara-4.77-1.1mdk.src.rpm
2e6f987e74f0979212560a41a599a16d  7.1/SRPMS/netscape-francais-4.77-1.1mdk.src.rpm
9f8747c7d3112d33316d19f42263b3ff  7.1/SRPMS/netscape-russian-4.77-1.1mdk.src.rpm
4096dccde8cbde3699eb37098061effb  7.1/SRPMS/netscape-walon-4.77-1.1mdk.src.rpm

Mandrakelinux 7.2

 37cc3b34b485abf569bc22bcafa23b1c  7.2/RPMS/netscape-castellano-4.77-1.1mdk.noarch.rpm
699466c5f387a3e410366ea6d629fbb3  7.2/RPMS/netscape-catalan-4.77-1.1mdk.noarch.rpm
ee26b3c1a3d1026080b47037c6fbd4f7  7.2/RPMS/netscape-common-4.77-4.1mdk.i586.rpm
488e736cef4f0bbd37c1b1457d83d0da  7.2/RPMS/netscape-communicator-4.77-4.1mdk.i586.rpm
c3922fd9230dccaa310bfafe10b365c4  7.2/RPMS/netscape-euskara-4.77-1.1mdk.noarch.rpm
d9b5472bafcb2c0633776e591cfc8fd2  7.2/RPMS/netscape-francais-4.77-1.1mdk.noarch.rpm
0476a48d9a091016bf461ee8c6d14fd5  7.2/RPMS/netscape-german-4.77-1.1mdk.noarch.rpm
7f4ebd215801257695d5fad723233a08  7.2/RPMS/netscape-japanese-4.77-1.1mdk.noarch.rpm
4ed8f21b3cc771dce4cbe001d93766f2  7.2/RPMS/netscape-navigator-4.77-4.1mdk.i586.rpm
246d65c9b57b8fc847c272080d119276  7.2/RPMS/netscape-polish-4.77-1.1mdk.noarch.rpm
6e70a5c2293ed14d1e5c5ef2cbf2c295  7.2/RPMS/netscape-russian-4.77-1.1mdk.noarch.rpm
1072e0cd863f8e8121278f054ba06979  7.2/RPMS/netscape-walon-4.77-1.1mdk.noarch.rpm
eba0556ba4a7d52fa24eb087ac63839b  7.2/SRPMS/netscape-4.77-4.1mdk.src.rpm
fe84557addcc56a217cb2650713f6cf6  7.2/SRPMS/netscape-castellano-4.77-1.1mdk.src.rpm
d3f5f0e11089c3c6cb42b6af68bf01bf  7.2/SRPMS/netscape-catalan-4.77-1.1mdk.src.rpm
64e4a2df5c9e67d5d5f731b488a4fd99  7.2/SRPMS/netscape-euskara-4.77-1.1mdk.src.rpm
2e6f987e74f0979212560a41a599a16d  7.2/SRPMS/netscape-francais-4.77-1.1mdk.src.rpm
e8762939a5ff584a6f125f38fdbdd9cd  7.2/SRPMS/netscape-german-4.77-1.1mdk.src.rpm
61363874276316b60bbc9b2a1c61cfb5  7.2/SRPMS/netscape-japanese-4.77-1.1mdk.src.rpm
c3293f2a44460437807a0dcbf313c0a1  7.2/SRPMS/netscape-polish-4.77-1.1mdk.src.rpm
9f8747c7d3112d33316d19f42263b3ff  7.2/SRPMS/netscape-russian-4.77-1.1mdk.src.rpm
4096dccde8cbde3699eb37098061effb  7.2/SRPMS/netscape-walon-4.77-1.1mdk.src.rpm

Corporate Server 1.0.1

 37cc3b34b485abf569bc22bcafa23b1c  1.0.1/RPMS/netscape-castellano-4.77-1.1mdk.noarch.rpm
699466c5f387a3e410366ea6d629fbb3  1.0.1/RPMS/netscape-catalan-4.77-1.1mdk.noarch.rpm
da78ad97b1a5fc7c726e6eb4a764f392  1.0.1/RPMS/netscape-common-4.77-4.2mdk.i586.rpm
47573536b59c3b057d3cf26b0368e3ba  1.0.1/RPMS/netscape-communicator-4.77-4.2mdk.i586.rpm
c3922fd9230dccaa310bfafe10b365c4  1.0.1/RPMS/netscape-euskara-4.77-1.1mdk.noarch.rpm
d9b5472bafcb2c0633776e591cfc8fd2  1.0.1/RPMS/netscape-francais-4.77-1.1mdk.noarch.rpm
967cf4eadcde5d4644c8bca3a846b52c  1.0.1/RPMS/netscape-navigator-4.77-4.2mdk.i586.rpm
6e70a5c2293ed14d1e5c5ef2cbf2c295  1.0.1/RPMS/netscape-russian-4.77-1.1mdk.noarch.rpm
1072e0cd863f8e8121278f054ba06979  1.0.1/RPMS/netscape-walon-4.77-1.1mdk.noarch.rpm
df3d4cc7f3075d5e3e8459f472c3ff58  1.0.1/SRPMS/netscape-4.77-4.2mdk.src.rpm
fe84557addcc56a217cb2650713f6cf6  1.0.1/SRPMS/netscape-castellano-4.77-1.1mdk.src.rpm
d3f5f0e11089c3c6cb42b6af68bf01bf  1.0.1/SRPMS/netscape-catalan-4.77-1.1mdk.src.rpm
64e4a2df5c9e67d5d5f731b488a4fd99  1.0.1/SRPMS/netscape-euskara-4.77-1.1mdk.src.rpm
2e6f987e74f0979212560a41a599a16d  1.0.1/SRPMS/netscape-francais-4.77-1.1mdk.src.rpm
9f8747c7d3112d33316d19f42263b3ff  1.0.1/SRPMS/netscape-russian-4.77-1.1mdk.src.rpm
4096dccde8cbde3699eb37098061effb  1.0.1/SRPMS/netscape-walon-4.77-1.1mdk.src.rpm

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.