SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Netscape Vendors:   America Online, Inc.
Netscape Browser Javascript Regex Parsing Error Discloses Memory to Remote Users
SecurityTracker Alert ID:  1013643
SecurityTracker URL:  http://securitytracker.com/id/1013643
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 5 2005
Impact:   Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 7.2 and prior versions
Description:   Juha-Matti Laurio reported that the Netscape Browser is affected by the recent Mozilla vulnerability in Javascript regex parsing. A remote user can obtain portions of browser memory.

The browser's javascript implementation does not properly parse lamba list regular expressions.

The vulnerability resides in 'js/src/jsstr.c' in the find_replen() function.

A demonstration exploit is available at:

http://cubic.xfo.org.ru/firefox-bug/index.html

The vendor was notified on April 4, 2005.
Impact:   A remote user can access random portions of browser memory.
Solution:   No solution was available at the time of this entry.

As a temporary workaround, you can disable Javascript.
Vendor URL:  channels.netscape.com/ns/browsers/default.jsp (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents
Subject:  Netscape Browser Javascript Regex Parsing Error Vulnerability


Netscape 7 web browser is confirmed and tested to vulnerable to issue 
handled in SecurityTracker Alert ID 1013636.

Fix Available: No
Vendor Informed: Yes

Affected Version(s): 7.2 and prior

Underlying OS: Windows (Any)

Impact: See ID 1013636.

No solution was available at the time of this entry.

Workaround:
Disable JavaScript:
Edit / Preferences... / Advanced / Scripts & Plugins: remove selection 
from 'Navigator' at 'Enable JavaScript for' section.
When JavaScript was disabled, Netscape 7.2 was not affected any more.

Vendor URL: http://www.netscape.com/ ,
http://channels.netscape.com/ns/browsers/download.jsp

Vendor was contacted on 4th April 2005 with Security Bug Report Form. It 
is not possible to get reply by this form "(x) Check this checkbox to 
indicate that you understand this is not a place to get support, and 
that you will not receive a reply to the information you entered above. 
You may not submit a bug report unless you check this box.".

Issue was tested with the following user agent (Windows XP Professional US):
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 
Netscape/7.2 (ax)


Best regards,
Juha-Matti Laurio
Finland
http://www.networksecurity.fi/


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC