Forwarded From: phreak moi <hackerelitet_private>

http://www.news.com/News/Item/0,4,28111,00.html?st.ne.1.gif.1

Another bug found in Navigator
By Paul Festa
Staff Writer, CNET News.com
October 29, 1998, 4:20 p.m. PT

The bug-battling efforts of Netscape Communications seem to be a case of cache-as-cache-can.

The company today confirmed another caching bug in its Web browser, the fourth in recent weeks. The latest problem would allow a malicious Web site operator or email sender to swipe the contents of a user's browser cache and directory files.

Two demonstrations that do just that are posted to the Web; one will read your cache, and the other will read your directory.

The bug is exploited using JavaScript, a scripting language developed by Netscape for interactive Web documents such as pop-up windows and forms. JavaScript is unrelated to the Java programming language, which was developed by Sun Microsystems.

The person who found the bug, Georgi Guninski, notified Netscape of the problem and will reap a $1,000 finder's fee for the discovery, Netscape said today in confirming the security hole.

The bug bears a striking resemblance to two others discovered by bug hunter Dan Brumleve. The first of those, dubbed Cache Cow, reveals cache contents and browsing history. Netscape patched that hole with version 4.07 of the Navigator browser.

The second Brumleve discovery, Son of Cache Cow, affected version 4.07. Netscape fixed that in version 4.5, released last week; but Guninski's bug thwarts the patched upgrade.

Another recently discovered bug prevents Navigator from properly following Web sites' requests that the browser not cache certain pages. In some scenarios involving shared computers, that could lead to breaches of security with user names, passwords, credit card numbers, and other private information.

Netscape and Guninski recommended disabling JavaScript as a workaround for the latest bug.
Netscape expects to release a patch or a patched upgrade of Navigator in the next two weeks.