---

VNU Net: Security hole found in Netscape

By John Geralds, VNU Net

A security hole that could expose private files has been
discovered in Netscape Communicator.

The problem allows hostile website operators to gather details
from visitors’ computers, including bookmarks and cache
information.

“We think this may be one of the most powerful Netscape
Communicator exploits ever,” said Bennett Haselton, a bug hunter
and head of PeaceFire, an organisation dedicated to fighting
content filtering on the web.

A Netscape spokeswoman said the company is testing two possible
fixes which will be added to the 4.7 release of the browser.

The vulnerability is caused by a combination of technologies
that allows an unfriendly website operator to avoid the browser’s
security features.

Users can use frames or windows to view files on their own
computers, so windows opened from the local disk have weak security
features. Stronger cross-frame security features should prevent web
authors from using JavaScript to transfer data from a window on a
user’s computer to a window belonging to the website operator.

However, Haselton showed that a website operator could introduce
JavaScript code through a cookie inserted onto the user’s hard
drive.

“Getting ‘read’ access to the user’s hard drive is the second
most powerful exploit you can possibly launch. If I run the exploit
on a specific person, I can determine what other sites they have
visited,” he said, adding that the ability to execute code on a
person’s computer is the most powerful.

He also noted that the problem only occurs if the user has their
profile name set to the default, which applies to most users.

The Netscape spokeswoman cited the conditions necessary for an
exploit to occur and the fact that only links could be accessed.
The company also suggests that users concerned about the
vulnerability turn off JavaScript and refuse to accept cookies, or
accept them only from trusted sources.