Nom du paquet
netscape
Date
2000-08-11
Advisory ID
MDKSA-2000:033-1
Affected versions
6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586

Problem description

There exists a problem in all versions of Netscape with Java enabled. Under certain conditions, Netscape can be turned into a server that serves files on your local hard drive that Netscape has read access to and remote people can access it by connecting their web client to port 8080 on your machine if they know the IP address. For a demonstration of this vulnerability visit http://www.brumleve.com/BrownOrifice/. Update: In the previous announcement, MDKSA-2000:033, there was an error on how to disable Java in Netscape. The command to remove the preferences.js file only applies to the version of Netscape in Cooker. If you delete this file in any other Netscape package supplied by Linux-Mandrake you will actually enable Java. The recommended way to disable Java is to do so via the Edit -> Preferences -> Advanced menu.

Updated packages

6.1 i586

 na 6.1/RPMS/na

6.0 i586

 na 6.0/RPMS/na

7.0 i586

 na 7.0/RPMS/na

7.1 i586

 na 7.1/RPMS/na