From: Progeny Security Team <security@progeny.com>
Subject: PROGENY-SA-2001-07: Netscape Navigator fails to protect privacy
Date: Thu, 19 Apr 2001 19:26:36 -0500 (EST)
PROGENY LINUX SYSTEMS -- SECURITY ADVISORY PROGENY-SA-2001-07
Topic: Netscape Navigator fails to protect privacy
Software: netscape
Announced: 2001-04-09
Credits: Florian Wesch <fw@dividuum.de>
Affects: Progeny Debian (netscape prior to 4.77)
Debian GNU/Linux (netscape prior to 4.77)
Vendor-Status: New Version Released (4.77 on 2001-03-26)
Corrected: 2001-04-19 Progeny Only: NO
$Id: PROGENY-SA-2001-07,v 1.2 2001/04/20 00:21:42 jdaily Exp $
SYNOPSIS
The Netscape browser sometimes handles JavaScript in an insecure
manner. In certain situations, it allows remote web sites to send
JavaScript commands in an unorthodox manner that could compromise
private data.
PROBLEM DESCRIPTION
GIF-format graphics can contain comments, typically used by
graphic designers and editors for recordkeeping. Florian Wesch
discovered that the Netscape browser, while displaying a GIF image,
can process JavaScript commands stored in GIF comments, and that
commands issued in this unorthodox manner can do things that
JavaScript commands are usually unable to do.
IMPACT
A web site can gain access to browser history and possibly other
data kept in Netscape’s browser that wouldn’t normally be
available.
SOLUTION
Upgrade to a fixed version of Netscape’s browser. Netscape
Navigator version 4.77 corrects the problem. For your convenience,
you may upgrade to the package netscape_4.77-1progeny2.
WORKAROUND
The risk can be avoided without an upgrade by disabling
JavaScript in the browser.
UPDATING VIA APT-GET
1. Ensure that your /etc/apt/sources.list file has a URI for
Progeny’s update repository:
deb http://archive.progeny.com/progeny updates/newton/
2. Update your cache of available packages for apt(8).
Example:
# apt-get update
3. If you are currently running the Netscape browser, please
exit the
application.
4. Using apt(8), install the new package. apt(8) will download
the
update, verify its integrity with md5, and then install the
package on your system with dpkg(8).
Example:
# apt-get install netscape
UPDATING VIA DPKG
We do not recommend upgrading Netscape’s browser using dpkg.
Please use apt.
MORE INFORMATION
See http://www.securityfocus.com/archive/1/175060
for further details of the vulnerability.
Progeny advisories can be found at http://www.progeny.com/security/.
pub 1024D/F92D4D1F 2001-04-04 Progeny Security Team <security@progeny.com>
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.