[ISN] Netscape faces another security hole

From: mea culpa (jerichoat_private)
Date: Sat Feb 20 1999 - 01:26:10 PST


    Forwarded From: shadowvrai@trust-me.com
    
    Netscape faces another security hole 
    By Paul Festa
    Staff Writer, CNET News.com
    February 18, 1999, 12:20 p.m. PT 
    
    Fresh from a recent battle with frame spoofing, Netscape is facing a
    similar security hole in its Communicator Web browser that permits window
    spoofing. 
    
    Spoofing allows a malicious Web page author to present Web content under a
    false designation. Communicator's frame-spoofing bug let Web authors
    insert their own frame--a sort of window within a window--into the pages
    of trusted third-party sites. Microsoft also grappled with frame-spoofing
    issues last month. 
    
    With the window spoofing problem that Netscape acknowledged today, a Web
    author can fill an entire window with his or her own content while
    maintaining the address bar of the trusted site. The trick could be used
    to fool visitors into handing over sensitive information, including user
    names, passwords, and credit card numbers, though Netscape contended that
    such an exploit would require extremely high-level JavaScripting skills. 
    
    As with frames, Microsoft dealt with a window-spoofing problem last month. 
    
    Communicator's window-spoofing bug permits an exploit in which a hyperlink
    on the maliciously designed page first takes the user to the trusted site
    and then executes a line of JavaScript code that substitutes the spoofed
    window several seconds later. JavaScript is a scripting language developed
    by Netscape for interactive Web documents such as pop-up windows and
    forms. JavaScript is unrelated to the Java programming language, which was
    developed by Sun Microsystems. 
    
    The current problem was discovered by Bulgarian bug hunter Georgi
    Guninski, who posted a demonstration of the exploit to the Web. Netscape
    noted that no users have reported falling victim to such an exploit and
    that the company would fix the bug in a March release of the browser. 
    
    Nevertheless, Guninski will reap a $1,000 bug-hunting bounty from Netscape
    for his discovery. Netscape praised his efforts, particularly what the
    company termed his "groundbreaking" work with JavaScript.
    
    "We've never seen this before," said John Gable, senior product manager on
    the Communicator team. "He's a talented guy, one of the most creative
    JavaScript developers we've ever seen." 
    
    Netscape's fix will prohibit the type of JavaScript-laced URL that
    Guninski crafted. The bug affects Communicator 3.04, 4.06, 4.5 for Windows
    95 and 4.08 for Windows NT, according to Guninski, who recommends
    disabling JavaScript pending a fix. 
    
    
    
    
    
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
    


