Detections
Analytics
Mandrake Linux Security Advisory : netscape (MDKSA-2001:038)
high Nessus Plugin ID 61911
Language:
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A vulnerability exists in versions of Netscape prior to 4.77 that allow a remote web server that the user is accessing to obtain information about the client using Netscape's internal 'about:' protocol. Other internal protocols can be accessed this way, such as the 'about:global' protocol which will display the browser history, or the 'about:config' protocol which will display the browser configuration. These problems are directly related to JavaScript processing embedded commands in GIF files which Netscape does not properly escape, and can be negated by disabling JavaScript in Netscape. However it is recommended that all users upgrade to version 4.77.Solution
Update the affected packages.Plugin Details
Severity: High
ID: 61911
File Name: mandrake_MDKSA-2001-038.nasl
Version: 1.7
Type: local
Family: Mandriva Local Security Checks
Published: 9/6/2012
Updated: 1/6/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:netscape-castellano, p-cpe:/a:mandriva:linux:netscape-catalan, p-cpe:/a:mandriva:linux:netscape-common, p-cpe:/a:mandriva:linux:netscape-communicator, p-cpe:/a:mandriva:linux:netscape-euskara, p-cpe:/a:mandriva:linux:netscape-francais, p-cpe:/a:mandriva:linux:netscape-german, p-cpe:/a:mandriva:linux:netscape-japanese, p-cpe:/a:mandriva:linux:netscape-navigator, p-cpe:/a:mandriva:linux:netscape-polish, p-cpe:/a:mandriva:linux:netscape-russian, p-cpe:/a:mandriva:linux:netscape-walon, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 4/18/2001
Reference Information
MDKSA: 2001:038