This just in: Netscape Vulnerability

Tom Guilderson twg3 at mediaone.net
Fri Aug 11 02:02:25 EDT 2000


I was able to verify this vulnerability.  If you exit Netscape
completely it gets killed. Fortunately I am behind a firewall
preventing anyone outside getting in.

David Lapointe wrote:
> 
> This came from the Mandrake security list.  I can't demonstrate the vulnerability though,
> likely related to my firewall.
> 
> Problem Description:
> 
> There exists a problem in all versions of Netscape with Java enabled.
> Under certain conditions, Netscape can be turned into a server that
> serves files on your local hard drive that Netscape has read access to
> and remote people can access it by connecting their web client to port
> 8080 on your machine if they know the IP address.  For a demonstration
> of this vulnerability visit http://www.brumleve.com/BrownOrifice/.
> ________________________________________________________________________
> 
> Linux-Mandrake recommends you disable Java to make Netscape invulnerable
> to this exploit.  You can disable Java by hand in Edit -> Preferences ->
> Advanced.  You can also remove the preferences.js file by using:
> 
> rm -f ~/.netscape/preferences.js
> _
> 
> --
>  .david
>  David Lapointe
> "Hokey religions and ancient weapons are no
> match for a good blaster at your side, kid,"
> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).

-- 
Tom Guilderson
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list