Netscape Netcenter MacOS/ Windows
Netscape 2.x browser archive ·  Netscape 3.x browser archive ·  Netscape 4.x browser archive
Netscape 4.5 browser archive ·  Netscape 4.6 browser archive ·  Netscape 4.7 browser archive
Netscape 6.x browser archive ·  Netscape 6.2 browser archive
You are here: Home / Security Center /
 Netscape Security Archive
spacer  Netscape Security News Archive -
 Additional Notes spacer

 This page provides additional details for some of the security issues affecting versions of the Netscape client prior to Netscape 7.0. For the latest security information regarding the Netscape client, visit the Netscape Security Center. If you wish to report a security vulnerability in the Netscape client, please use the Security Bug Report Form.

All issues described on this page have been addressed in the most recent versions of the Netscape client, which is available for download.

  1. Exploit Enables Reading of Bookmark Links and Some Attributes of HTML Files
  2. Sohr Java Vulnerability
  3. The Frame-Spoofing Vulnerability
  4. The JavaScript Cache Browsing Bug
  5. The Injection Bug
  6. Security Update: JavaScript Technology in Email
  7. No-Cache Meta-Tag Bug
  8. The MIME Type Bugger Overflow Vulnerability
  9. Brumleve Cache Bug
  10. Long Filename Mail Vulnerability
  11. ClassLoader Java Vulnerability
  12. Preferences Bug
  13. The French Privacy Bug
  14. The Santa Barbara Privacy Bug
  15. The Singapore Privacy Bug
  16. The Tracker Bug
  17. Bell Labs Privacy Bug
  18. Danish Privacy Bug

Exploit Enables Reading of Bookmark Links and Some Attributes of HTML FilesExploit Enables Reading of Bookmark Links and Some Attributes of HTML Files


May 2, 2000

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.73. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

An exploit has recently been reported and confirmed across platforms for Netscape Communicator 4.72 and earlier in which a hostile site can read the links in a user's bookmark file if the user's profile name and the Communicator installation directory path are known to the hostile site. Subsequent analysis has shown that it is also possible to read some HTML file attributes such as the document title and links (but not the complete text) of other HTML files on the hard drive. Netscape takes all reported security and privacy issues seriously, and this exploit has been fixed in Netscape Communicator 4.73. For this exploit to be possible, all of the following conditions must be satisfied:
  • The hostile site must know the path name of the Communicator installation directory and the user's profile name (such as "default")
  • JavaScript must be enabled
  • Cookies must be enabled
In evaluating the severity of this exploit, users should keep the following things in mind:
  • There are no known instances of malicious use of this exploit on the web
  • An HTML file's complete text cannot be read; only certain file attributes (such as the links in the document and its title) can be read
  • Even a successful execution of the exploit is a read-only violation of privacy which does not enable the corruption or modification of the user's machine, system, or data
Instructions for Users of Netscape Communicator 4.72 and Earlier

Netscape always recommends that users use the latest available version of its software. Users of releases prior to 4.73 can avoid this exploit by doing any one of the following things:
  • Renaming the user's profile name to something other than "default" and not releasing this profile name to untrusted individuals or web sites.
    1. Start Netscape Communicator's User Profile Manager (on Windows, choose Start --> Programs --> Netscape Communicator --> Utilities --> User Profile Manager)
    2. Select the name of profile you wish to change (e.g. "Default")
    3. Click Rename button
    4. Type in a new name other than Default
    5. Thereafter, do not reveal this profile name to any web site or to individuals you do not trust.

  • Setting Cookies to "Warn me before accepting a cookie," and refusing cookies from sites you do not trust.
    1. From the Edit pulldown menu, select Preferences.
    2. Click Advanced.
    3. Check "Warn me before accepting a cookie."
    4. Thereafter, when a web site attempts to set a cookie, if you do not trust the web site, click "Cancel" on the alert box that warns you about the cookie being set.

  • Disabling cookies.
    1. From the Edit pulldown menu, select Preferences.
    2. Click Advanced.
    3. Check "Disable cookies."

  • Disabling JavaScript.
    1. From the Edit pulldown menu, select Preferences.
    2. Click Advanced.
    3. Uncheck the "Enable JavaScript" checkbox.
[Top]

Sohr Java VulnerabilitySohr Java Vulnerability


March 29, 1999

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.51. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

Netscape has recently been alerted to a security vulnerability in the implementation of Java that affects Windows, Mac and Unix versions of Netscape Communicator and Netscape Navigator 4.0x and higher. It does not appear to affect previous versions of Navigator. The vulnerability was discovered by Karsten Sohr, a graduate student at the University of Marburg in Germany and reported to Sun Microsystems by Ed Felton, head of the Princeton University Secure Internet Programming Lab.

Sun has verified that the vulnerability does exist, although no customer incidents have been reported to Sun or Netscape. Netscape takes all potential security issues seriously and is currently working on a fix that will be included in an upcoming version of Netscape Communicator. Availablility date of the new release will be reported on this page.

The vulnerability could potentially be exploited by running a malicious Java applet from an untrusted Web site. While users can safely run Java when visiting trusted commercial sites, Netscape advises users to exercise caution if browsing random or unknown sites. Until downloading the new version of Communicator that includes the fix, concerned users can avoid this potential security threat by immediately disabling Java in Communicator. To do this, simply follow the steps listed below:
  1. In Communicator, select Preferences from the Edit menu.
  2. In the Preferences dialog box, choose the Advanced category.
  3. Uncheck the "Enable Java" preference in the dialog box.
  4. Click OK.
[Top]

The Frame-Spoofing VulnerabilityThe Frame-Spoofing Vulnerability


January 7, 1999

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.51. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

Netscape has recently been alerted to a vulnerability that affects versions of Netscape Navigator on all available platforms that support the use of frames, including versions 2.0 and later. Netscape has verified that this vulnerability does exist, although no customer incidents have been reported to Netscape. Netscape takes all potential security and privacy issues seriously and is currently working on a fix that will be included in a future version of the browser.

A malicious attacker could exploit this vulnerability to make content of the attacker's own creation appear as if it were provided by another web site. In doing so, the attacker could mislead a site visitor into submitting information through a form by leading the user to believe he or she is visiting a trusted web site. The attacker could also make potentially embarrassing information appear on a web site. In doing so, however, the attacker is not actually placing the offending data on the targeted site's server; rather, the attacker makes it appear as if the data is coming from the targeted site.

To orchestrate this type of attack, the attacker must either
  • Convince the user to click a link from the attacker's own web site or
  • Send a decoy email to a JavaScript-enabled mail client, such as Netscape Messenger, and entice the user to click a hyperlink (presumably to the targeted site) in that email.
Although a frame-spoofing attack does not require JavaScript to be active to achieve its effects, successful exploitation of this vulnerability does require JavaScript. If JavaScript is not active, a window within the targeted site must already be open on the user's machine when the attacker entices the user to click the hyperlink in the attacking email or on the attacker's web site.

Until Netscape has implemented a fix for this vulnerability in a future version of Navigator, users can protect themselves against its effects by taking the following precautions:
  • Avoid browsing unknown, untrusted sites.
  • Using Communicator 4.5, disable JavaScript in email only through the following steps:
    1. In Communicator, select Preferences from the Edit menu.
    2. In the Preferences dialog box, select the Advanced category.
    3. Deselect the Enable JavaScript for Mail and News checkbox.
    4. Click OK.
[Top]

The JavaScript Cache Browsing BugThe JavaScript Cache Browsing Bug


October 29, 1998

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.51. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

Netscape has recently been alerted to a security vulnerability that affects the Netscape Navigator browser software. The JavaScript Cache Browsing bug affects the Windows versions of Navigator 3.04 and 4.07 and Netscape Communicator 4.5. (Note: Mac OS and Unix versions are NOT affected.) Although Netscape has verified this bug, no customer incidents of lost or stolen data have been reported to Netscape. Netscape takes all potential security and privacy issues seriously and is currently working on a fix. An update will be posted on the Netscape web site soon.

The bug can be exploited by a web site that runs a malicious program to read the URLs from a user's cache. Under ordinary circumstances, Netscape does not believe that users browsing known, trusted sites are at risk. However, if a user visits an unknown, untrusted site, the operator of that site could potentially read this information from the cache.

Since the bug relies on JavaScript to reveal information, you can avoid its effect by turning off JavaScript when browsing unknown, untrusted sites. To do this, take the following steps:
  1. In Communicator, select Preferences from the Edit menu.
  2. In the Preferences dialog box, select the Advanced category.
  3. Deselect the Enable JavaScript checkbox.
  4. Click OK.
[Top]

The Injection Bugrowsing BugThe Injection Bugrowsing Bug


October 21, 1998

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.5. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

Netscape has recently been alerted to a privacy vulnerability that affects the Netscape Navigator browser. The Injection bug affects Navigator 3.x and Netscape Communicator 4.0 to 4.07 as well as the two prerelease beta versions of Communicator 4.5 for all platforms. The bug has been fixed in the final released version of Communicator 4.5 and subsequent Netscape clients, which are available for download.

Although Netscape has verified this bug, no customer incidents of lost or stolen data have been reported to Netscape. Netscape takes all potential security and privacy issues seriously and is currently investigating a fix for Communicator 4.07. An update will be posted on the Netscape web site soon.

Under ordinary circumstances, users browsing on known, trusted sites are not at risk. However, if a user visits an unknown or untrusted site, a hacker operating through that site could determine other web sites visited by the user. A malicious hacker/site operator could also see cookie information as well as directory names and filenames by writing a special program. To obtain file information, the hacker may also have to accurately guess specific information about the user's system. The bug does not allow a malicious hacker/site operator to retrieve or erase files from the user's hard disk.

Since the bug relies on JavaScript to reveal your information, you can avoid it by turning off JavaScript when browsing unknown, untrusted sites. To do this, take the following steps:
  1. In Communicator, select Preferences from the Edit menu.
  2. In the Preferences dialog box, choose the Advanced category.
  3. Disable the Enable JavaScript feature.
  4. Click OK.
[Top]

Security Update: JavaScript Technology in EmailSecurity Update: JavaScript Technology in Email


September 18, 1998

Netscape was recently contacted about certain interactions between HTML-based email clients, such as Netscape Messenger, and other software that could potentially produce undesired behavior. Netscape takes all security claims seriously and has investigated the specific cases raised. In nearly every case, Netscape has determined that these interactions do not represent a security threat to our users.

Under unusual circumstances, however, these particular interactions could potentially produce an undesired behavior in HTML-based email client software. Netscape has concluded that there is a potential vulnerability that could be exposed through malicious JavaScriptTM code executed within the Messenger email client. The result of receiving an email message containing such code could result in what is known as a "denial-of-service" attack. This type of attack is commonly known in the software industry and can affect virtually any type of software, but is relatively non-threatening to users.

To date, Netscape has received no reports of data loss resulting from running JavaScript in Messenger. Netscape does not believe this capability presents a threat to Netscape Communicator users. If you use Netscape Messenger as your primary email client and are concerned about potential denial-of-service attacks, you may choose to turn off JavaScript in Messenger while keeping it enabled in Navigator. If you want to disable JavaScript in Netscape Messenger, that option is available.

[Top]

No-Cache Meta-Tag BugNo-Cache Meta-Tag Bug


October 29, 1998

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.08. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

This bug only affects secure web pages with the following HTML meta tag:
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
The No-Cache Meta-Tag bug has recently been reported to Netscape. It represents a behavioral change from Netscape Communicator 4.07 to Netscape Communicator 4.5 in how Navigator handles the local memory cache. This behavior will be changed in a future release of Netscape Communicator. While Netscape takes all potential security reports very seriously, engineers have concluded that this does not represent a network security issue. This reported behavior presupposes an uncommon scenario that has the potential to affect only a small percentage of users and would not result in any loss or theft of data over the Internet.

The details of the scenario are as follows (all must be true):
  • Multiple people use the same physical desktop PC, such as in a workgroup setting, a library, or a school. This situation does not in itself enable loss of data over the Internet.
  • The user submits information to a secure web page where a content provider uses the "no-cache" meta - tag in the HTML page,
    <META HTTP-EQUIV="Pragma" CONTENT="no-cache">.
  • The user does not restart Communicator before another person uses the same desktop PC.
If all conditions are true, then the information the end user enters into the web page will be saved in the memory cache (in RAM, not in the disk cache). If another user clicks the Back button on the Navigator toolbar before restarting Communicator, he or she will be able to see the original web page with the contents entered by the previous user. Note that content that is blocked out - for example, "*****" - will still be blocked out.

Here are several possible workarounds for end users, any one of which is sufficient:
  • Simply restart Communicator.
  • Select Preferences from the Edit menu. In the Preferences dialog box, select Advanced and then Cache. Click the Clear Memory Cache button.
  • Take advantage of individual user profiles in Communicator 4.5. Create a different profile for everyone who has access to the shared PC. The User Profile Manager is located in the Communicator directory, or in the Windows Start menu.
In addition, content providers can avoid this problem entirely using a simple JavaScript command. This line can be included in the page as a script at the top or in the onLoad function of the BODY tag:
if ('Navigator' == navigator.appName) document.forms[0].reset();
End users should note that many content providers do not use the No-Cache command in any form. In those cases, the correct behavior for the browser is to cache any entered information. Therefore, the danger described above often exists regardless of this No-Cache Meta-Tag bug.

For this and other reasons, Netscape always recommends that if multiple people use the same copy of Communicator on the same PC, they should use individual user profiles to protect private and personal information. An alternative is to simply restart Communicator for each user. While this is good practice in all cases where a PC is shared, Netscape cannot absolutely ensure a specific level of privacy or security when multiple users have full access to local data, including information stored by Communicator.

[Top]

The MIME Type Buffer Overflow VulnerabilityThe MIME Type Buffer Overflow Vulnerability


November 6, 1998

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.08. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

This vulnerability has been identified and fixed in the Unix versions of Netscape Communicator 4.08. Note: This vulnerability does NOT affect versions of Communicator for Windows or the Mac OS. It is available for download.

Instructions for Netscape Navigator 3.0x and Communicator 4.5 Users
You can avoid this vulnerability by setting a preference for Navigator to prompt you before it attemps to download a plug-in with an unknown MIME type. To do so, follow these steps:
  1. In Communicator, select Preferences from the Edit menu. The Preferences dialog box will appear.
  2. In the Preferences dialog box, select the Navigator category.
  3. Select the Applications category.
  4. In the Description list box, select the * entry (handled by Plug-in: Netscape Default).
  5. Click the Edit button. The Edit Type dialog box will appear.
  6. Set Handled By preference to Unknown: Prompt user by clicking that radio button.
  7. Click OK to close the Edit Type dialog box.
  8. Click OK to close the Preferences dialog box.
  9. Quit Navigator or Communicator and restart the program.
Setting the preference to generate this prompt will not affect your ability to view pages with the other plug-ins you have already installed, and you will retain the ability to manually download and install new plug-ins as you need them.

[Top]

Brumleve Cache BugBrumleve Cache Bug


October 6, 1998

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.07. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

The cache bug can be exploited by a web site that runs a malicious program to read the URLs from a user's cache. Under ordinary circumstances, Netscape does not believe that users browsing known, trusted sites are at risk. However, if a user visits an unknown, untrusted site, the operator of that site could potentially read this information from the cache. The bug affects Netscape Navigator 3.x and Communicator 4.0 to 4.06 for all platforms.

Instructions for Netscape Navigator 3.x
UsersSome users of Navigator 3.x may not be able to upgrade to the latest version because of system limitations. Users who cannot upgrade can follow the instructions below to avoid the bug.

Since the bug reveals information only from the cache, you can avoid it by turning off the cache. To do this, take the following steps:
  1. In Communicator, select Preferences from the Edit menu.
  2. In the Preferences dialog box, double-click Advanced and then click Cache.
  3. Click the Clear Memory Cache and Clear Disk Cache buttons.
  4. Set Memory Cache and Disk Cache to zero (0).
  5. Click OK to close the Preferences dialog box.
[Top]

Long Filename Mail VulnerabilityLong Filename Mail Vulnerability


AUGUST 14, 1998

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.06. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

The Long Filename Mail vulnerability has been identified by a Finnish tester at OUSPG and is documented at AUSCERT. It affects the mail and news components of Netscape Communicator 4.0 through 4.05 and Netscape Communicator 4.5 Preview Release 1 on the Windows 3.1, 95, 98, and NT platforms. This vulnerability does not affect the Macintosh or Unix versions of Communicator. Although this vulnerability has been verified by Netscape, no customer incidents have been reported to Netscape. Users can download Communicator 4.06 immediately as well as Communicator 4.5 both of which fix this bug.

The Long Filename Mail vulnerability could allow an email or newsgroup message with an attachment that has a very long filename to execute malicious code on your computer. In order for the malicious code to cause problems, you must select the File menu while viewing the message.

Description of the Vulnerability
The Long Filename Mail vulnerability can cause one or more of the following to occur when you select the File menu while viewing a message that has an attachment with a long filename:
  • Communicator may quit unexpectedly.
  • Selecting the File menu may cause malicious code to be executed on your computer. Netscape is not aware of any users who have been affected by a malicious message.
How to Avoid the Vulnerability
Until a patch is available, configure Communicator to always view attachments as links, rather than display them inline. To do so, select the appropriate command on the View menu.
  • In Communicator 4.0 through 4.05, go to Netscape Messenger and select View: Attachments: As Links.
  • In Communicator 4.5 Preview Release 1, if your menu reads View: View Attachments Inline, select this item to toggle it to viewing attachments as links. Note: if the menu item in Messenger already says View | View Attachment as Link, you do not need to do anything.
If you view a message with an attachment that has a filename with 200 or more characters (this may appear as an attachment link that extends beyond the window width), follow these instructions:
  • Do NOT select the File menu under any circumstances when the message is selected.
  • You can save the attachment to your hard disk for viewing with another application by right-clicking on the attachment link in the message and selecting Save Link As.
  • It is recommended that you delete the message with the long filename attachment by clicking the Delete icon in the toolbar. You should delete the message whether or not you were able to save the attachment as described in the previous step.
  • If you need to exit Communicator while the suspect message is selected, click on the X icon in the upper-right corner of the window. Do not use the File menu to exit the application unless you have deleted the suspect message or have selected an alternate message.
Please note that not all attachments with filenames of 200 or more characters will necessarily be malicious.

Netscape recommends that users protect themselves by upgrading to Communicator 4.06 or Communicator 4.5, both of which were released since the bug was discovered.

Versions and Platforms Affected
Netscape has confirmed that the security issue affects the mail and news components of Communicator for the following versions and platforms:
  • Netscape Communicator 4.0 through 4.05 on Windows 3.1, 95, 98, and NT platforms
  • Netscape Communicator 4.5 Preview Release 1 on Windows 95, 98, and NT platforms
Netscape believes that the following mail and news component versions are NOT affected:
  • Netscape Communicator 4.0 through 4.05 on Macintosh and Unix platforms
  • Netscape Communicator 4.5 Preview Release 1 on Macintosh and Unix platforms
  • Netscape Navigator 2.x and 3.x on all platforms
[Top]

ClassLoader Java VulnerabilityClassLoader Java Vulnerability


AUGUST 14, 1998

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.06. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

The ClassLoader Java vulnerability affecting Netscape Communicator 4.0 to 4.05 has been fixed in Communicator 4.06 and is available for immediate download. It is also fixed in Netscape Communicator 4.5. Netscape Navigator 2.x and 3.x are unaffected by this vulnerability.

The vulnerability, reported by researchers at Princeton University, affects Netscape Navigator and Communicator 4.0 to 4.05 for all platforms. No customer incidents have been reported to Netscape.

The ClassLoader Java vulnerability could allow a malicious web site operator to use a Java applet to read, modify, or delete files on a user's local machine. Only users who visit the malicious web site where such a Java applet resides and who run the applet would be affected.

Netscape recommends that users protect themselves by upgrading to Netscape Communicator 4.5 or to Communicator 4.06, in addition to visiting only known and trusted web sites. To be completely protected from this attack when using versions of Netscape Communicator 4.0 to 4.05, users may choose to disable Java to prevent this vulnerability from being exploited. To disable Java, select Preferences from the Edit menu. Select the Advanced category and uncheck the preference Enable Java. You must exit from Communicator and restart for the change to take effect.

The Princeton researchers who found the vulnerability have shared the details with Netscape, and the information they provided has been independently confirmed by Netscape.

[Top]

Preferences BugPreferences Bug


FEBRUARY 19, 1998

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.05. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

The Preferences bug affecting Netscape Communicator 4.0 to 4.04 has been identified and will be fixed in the next maintenance release, which will be in private beta test starting the week of February 23.

The bug, reported by an Internet consultant, affects Netscape Navigator and Communicator 4.0 to 4.04 for all platforms. Netscape knows of no reports of successful exploitation of this privacy bug, and no customer incidents have been reported.

The privacy bug can allow malicious web site operators to read the Communicator prefs.js from the hard disk of visiting users by guessing the path name of the prefs.js file. Information contained in this file can include email addresses, domain names, and passwords. Under ordinary circumstances, users browsing on known, trusted sites are not at risk. However, if a user visits an unknown, untrusted site, the operator of that site can potentially read information from the prefs.js file through an obscure series of steps. For this attack to work, the attacker must know the exact name and path of the file.

Because the only sensitive information that can be located in the prefs.js file is your email password, you can protect against an attacker's learning your password by making sure it is not automatically stored in Communicator. To do this, you should take the following steps:
  • In Communicator, go to the menu bar and select Edit: Preferences.
  • In the Preferences Dialog box, double-click Mail & Groups and then Mail Server.
  • Click the More Options button, near the bottom right of the dialog box.
  • The More Mail Server Preferences dialog box will appear. Make sure Remember My Mail Password is unchecked.
  • Click OK twice and then exit from Communicator. You must exit from Communicator for the change to take effect.
When you restart Communicator, your password will no longer be in the prefs.js file and you will be prompted for it when you access your email. In general, it is not a good idea to store passwords for any application directly on your computer. The Internet consultant who found the bug has shared the technical details with Netscape and the information he provided has been independently confirmed by Netscape.

[Top]

The French Privacy BugThe French Privacy Bug


SEPTEMBER 15, 1997

Update: This vulnerability has been addressed with the release of Netscape Communicator 4.03. Netscape Navigator 2.x and 3.x are unaffected by this bug. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

The French Privacy Bug may allow a malicious hacker to observe a user's preference files. The hacker must, however, guess some user information and decrypt other information for this attack to work. The user must first visit the malicious hacker's web site to be affected.

Netscape recommends that users protect themselves by downloading the latest copy of Communicator and by visiting only known and trusted web sites.

[Top]

The Santa Barbara Privacy BugThe Santa Barbara Privacy Bug


AUGUST 29, 1997

Update: The Santa Barbara privacy bug has been identified and fixed. The Mac and Unix versions of Communicator 4.02 are unaffected by this bug. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

The Santa Barbara privacy bug can allow a hacker to see a user's browser information through a hacker-generated second browser window. To be exposed, a user must visit a malicious hacker's Web site and then visit other Web sites through the second browser window. The bug does not allow a hacker to access a user's hard drive or steal from, erase, or write information to a user's hard drive.

[Top]
The Singapore Privacy Bug


Update: The Singapore privacy bug that affects Netscape Communicator has been identified and fixed. Netscape Navigator 2.x and 3.x are unaffected by this bug. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

The Singapore privacy bug allows a hacker to observe a user's activity on the web. It allows a hacker web site to exploit LiveConnect to observe which URLs a user visits, the data a user enters into HTML forms (including passwords), and data placed into a user's cookie file. The bug does not allow a malicious web site operator to see, erase, or steal data from a user's hard disk.

LiveConnect is a technology that enables communication between JavaScript and Java applets in a page.

[Top]
The Tracker Bug


Update: The Tracker bug that affects Netscape Navigator 3.0 has been identified and fixed. This bug is similar in nature to the previously reported Bell Labs bug. Netscape Communicator is unaffected by this bug. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

The Tracker bug can allow a malicious web site to know the web site addresses a user visits after leaving the malicious site. It can also allow malicious web sites to see cookie and form submission information that has been exchanged between the client and the server. However, a malicious web site operator can neither retrieve nor erase files from the user's hard disk.

[Top]
Bell Labs Privacy Bug
JULY 18, 1997

Update: The reported Bell Labs privacy bug affecting Netscape Navigator 2.0, 3.0, and Communicator 4.01 has been identified and fixed. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

The Bell Labs privacy bug can allow a malicious Web site to know the Web site addresses a user visits after leaving the malicious site. It can also allow malicious Web sites to see cookie and form submission information that has been exchanged between the client and the server. However, a malicious Web site operator can neither retrieve nor erase files from the user's hard disk. Netscape has not been informed of any sites that are monitoring users, or of any customer incidents.

[Top]
Danish Privacy Bug
JULY 9, 1997

Update: The Danish privacy bug affecting Netscape Navigator has been identified and fixed. Netscape advises customers to upgrade to the most recent version of the Netscape browser today.

The bug, reported by an Internet consultant, affects Netscape Navigator 2.0 and 3.0, and Netscape Communicator 4.0 on all platforms (Windows, Macintosh, and Unix). The final release of Communicator 4.0 for Unix will include the bug fix. Netscape knows of no reports of successful exploitation of this privacy bug, and no customer incidents have been reported.

The privacy bug can allow malicious Web site operators to retrieve known files from the hard disks of visiting users by mimicking the submission of a form. Under ordinary circumstances, users browsing on known, trusted sites are not at risk. However, if a user visits an unknown, untrusted site, the operator of that site can potentially retrieve files from a user's hard disk through an obscure series of steps. For this attack to work, the hacker must know the exact name and path of the file.

To completely remove any risk of this bug, Navigator users should download the updated version of Communicator (or Navigator), which includes the fix. In the interim, users of Navigator 3.0 and Communicator 4.0 can take the following steps to enable warning dialog boxes to detect and cancel form submissions:
    In Navigator 3.0: Go to the Options menu and select Security Preferences. Select the "Submitting a Form Insecurely" preference to enable that warning dialog box. In Navigator 4.0: Select the lock in the toolbar to open the Security Advisor. Select Navigator, then select the "Sending Unencrypted Information to a Site" preference to enable that warning dialog box.
Although the Internet consultant was initially unwilling to release the technical details of the bug, he has subsequently released them to Netscape. The information that he provided matches what Netscape determined independently.

[Top]

Netscape Netcenter MacOS/ Windows
Netscape 2.x browser archive ·  Netscape 3.x browser archive ·  Netscape 4.x browser archive
Netscape 4.5 browser archive ·  Netscape 4.6 browser archive ·  Netscape 4.7 browser archive
Netscape 6.x browser archive ·  Netscape 6.2 browser archive