Linux Today: Linux News On Internet Time.


VNU Net: Security hole found in Netscape

Apr 21, 2000, 08:28

By John Geralds, VNU Net

A security hole that could expose private files has been discovered in Netscape Communicator.

The problem allows hostile website operators to gather details from visitors' computers, including bookmarks and cache information.

"We think this may be one of the most powerful Netscape Communicator exploits ever," said Bennett Haselton, a bug hunter and head of PeaceFire, an organisation dedicated to fighting content filtering on the web.

A Netscape spokeswoman said the company is testing two possible fixes which will be added to the 4.7 release of the browser.

The vulnerability is caused by a combination of technologies that allows an unfriendly website operator to avoid the browser's security features.

Users can use frames or windows to get at files on their own computers, so windows opened from the local disk have weak security features. Stronger cross-frame security features should prevent web authors from using JavaScript to transfer data from a window on a user's computer to a window belonging to the website operator.

However, Haselton showed that a website operator could introduce JavaScript code through a cookie inserted onto the user's hard drive.

"Getting 'read' access to the user's hard drive is the second most powerful exploit you can possibly launch. If I run the exploit on a specific person, I can determine what other sites they have visited," he said, adding that the ability to execute code on a person's computer is the most powerful.

He also noted that the problem only occurs if the user has their profile name set to the default, which applies to most users.

The Netscape spokeswoman cited the conditions necessary for an exploit to occur and the fact that only links could be accessed. The company also suggests that users concerned about the vulnerability turn off JavaScript and refuse to accept cookies, or accept them only from trusted sources.
