Nom du paquet
netscape
Date
2000-08-10
Advisory ID
MDKSA-2000:033
Affected versions
6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586

Problem description

There exists a problem in all versions of Netscape with Java enabled. Under certain conditions, Netscape can be turned into a server that serves files on your local hard drive that Netscape has read access to and remote people can access it by connecting their web client to port 8080 on your machine if they know the IP address. For a demonstration of this vulnerability visit http://www.brumleve.com/BrownOrifice/. Linux-Mandrake recommends you disable Java to make Netscape invulnerable to this exploit. You can disable Java by hand in Edit -> Preferences -> Advanced. You can also remove the preferences.js file by using: rm -f ~/.netscape/preferences.js

Updated packages

6.1 i586

 na 6.1/RPMS/na

6.0 i586

 na 6.0/RPMS/na

7.0 i586

 na 7.0/RPMS/na

7.1 i586

 na 7.1/RPMS/na