SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Netscape Vendors:   America Online, Inc.
(Vendor Issues Fix) Re: Netscape Browser XMLHTTP Redirect Bug Lets Remote Users View Files on a User's Computer
SecurityTracker Alert ID:  1004311
SecurityTracker URL:  http://securitytracker.com/id/1004311
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 17 2002
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.1 - 6.2.2
Description:   An access control vulnerability was reported in the Netscape browser. A remote user can supply HTML that, when loaded, will be able to view the contents of files on the victim's computer.

GreyMagic Software reported that Netscape (6.1+) on Windows is vulnerable but that other versions and platforms are also believed to be vulnerable.

The vulnerability reportedly exists in the XMLHTTP component "XMLHttpRequest object" and is similar to a previously disclosed flaw in Microsoft Internet Explorer.

A remote user can apparently write HTML that will direct the "open" method to a web page that will in turn redirect the browser to a local file while Netscape will continue to operate as if in the original security zone. As a result, the code will be able to read the file by using the responseText property.

A demonstration exploit example is provided. The code reportedly attempts to read the file "c:/test.txt". The page "getFile.asp" internally redirects to "file://c:/test.txt":

var oXML=new XMLHttpRequest();
oXML.open("GET","getFile.asp",false);
oXML.send(null);
alert(oXML.responseText);

The vendor has reportedly been notified.

Impact:   A remote user can supply HTML to the target user so that, when loaded by the target user, the code will be able to access files on the target user's computer.
Solution:   The vendor has issued a fixed version (6.2.3), available at:

http://home.netscape.com/computing/download/index.html

Vendor URL:  browsers.netscape.com/browsers/main.tmpl (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Any), Apple (Legacy "classic" Mac), UNIX (macOS/OS X), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 30 2002 Netscape Browser XMLHTTP Redirect Bug Lets Remote Users View Files on a User's Computer



 Source Message Contents

Subject:  Netscape Fix for XMLHttpRequest Vulnerability


XMLHttpRequest Vulnerability

A flaw that could potentially allow a malicious web site to read files
stored on a user's computer has been discovered in Netscape 6.1 through
6.2.2 versions of the Netscape browser. There are no known instances of
this flaw being exploited. Netscape encourages those using versions 6.1
through 6.2.2 to upgrade to the recently released Netscape 6.2.3 browser
which is not subject to this potential flaw. 

http://home.netscape.com/computing/download/index.html


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC