Debian: Critical Advisory for Netscape Remote Exploit Issue
debian
September 1, 2000
An updated netscape package now exists to fix several remote exploit vulnerabilities.
Topics Covered
Summary
Package: netscape (communicator, navigator)
Vulnerability: remote exploit
Debian-specific: no
Existing Netscape Communicator/Navigator packages contain the following
vulnerabilities:
1. Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability
- executes arbitrary code in the comment field of a JPEG image
- Netscape Communicator/Navigator versions 4.0 through 4.73 are vulnerable
2. Multiple Vendor Java Virtual Machine Listening Socket Vulnerability
3. Netscape Communicator URL Read Vulnerability
- items 2 and 3 together are known as the "Brown Orifice" vulnerability
- can be exploited to expose the contents of your computer to anyone on the
Internet, allowing to read files visible to the user running the browser
- Netscape Communicator/Navigator versions 4.0 through 4.74 are vulnerable
Netscape Communicator/Navigator is not a part of the Debian distribution, but
packages are available for the convenience of our users. We recommend that
users who choose to run Nets...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!