Computer Security
[EN] securityvulns.ru



Related information

  Multiple browsers race conditions

  Concurrency strikes MSIE (potentially exploitable msxml3 flaws)

  Flock Concurrency-related Memory Corruption Vulnerability

  K-Meleon Concurrency-related Vulnerability

  Re: Concurrency-related vulnerabilities in browsers - expect problems

From: Juha-Matti Laurio <juha-matti.laurio_(at)_netti.fi>
Date: 21.08.2006
Subject: Netscape Concurrency-related Memory Corruption Vulnerability

The newest version of Netscape Browser is affected by the so-called concurrency-related XML handler memory corruption vulnerability recently disclosed on Bugtraq.
When visiting the test link http://lcamtuf.coredump.cx/ffoxdie.html (included in the original vulnerability report related to Firefox), the browser crashed immediately, generating an Application Error. No user interaction was needed.

Affected versions:
The vulnerability has been confirmed in Netscape Browser 8.1 on fully patched Windows 2000 SP4.

Solution status:
No updated version available from the vendor at the time of reporting.

Workarounds:
The following working workaround has been tested: Disable JavaScript support from Tools / Options... / Site Controls.

Vendor Homepage:
http://browser.netscape.com/ns8/

Credit:
This vulnerability was reported earlier in Firefox 1.5.0.6 by Michal Zalewski.
Juha-Matti Laurio confirmed this vulnerability in Netscape.

Timeline:
18-Aug-2006 - Vulnerability confirmed in Netscape
19-Aug-2006 - Vendor was contacted
19-Aug-2006 - Security companies and several CERT units contacted


Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/
