Netscape Browser Javascript Regex Parsing Error Discloses Memory to Remote Users
|
SecurityTracker Alert ID: 1013643 |
SecurityTracker URL: http://securitytracker.com/id/1013643
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 5 2005
|
Impact:
Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 7.2 and prior versions
|
Description:
Juha-Matti Laurio reported that the Netscape Browser is affected by the recent Mozilla vulnerability in Javascript regex parsing. A remote user can obtain portions of browser memory.
The browser's javascript implementation does not properly parse lamba list regular expressions.
The vulnerability resides in 'js/src/jsstr.c' in the find_replen() function.
A demonstration exploit is available at:
http://cubic.xfo.org.ru/firefox-bug/index.html
The vendor was notified on April 4, 2005.
|
Impact:
A remote user can access random portions of browser memory.
|
Solution:
No solution was available at the time of this entry.
As a temporary workaround, you can disable Javascript.
|
Vendor URL: channels.netscape.com/ns/browsers/default.jsp (Links to External Site)
|
Cause:
Access control error, State error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Subject: Netscape Browser Javascript Regex Parsing Error Vulnerability
|
Netscape 7 web browser is confirmed and tested to vulnerable to issue
handled in SecurityTracker Alert ID 1013636.
Fix Available: No
Vendor Informed: Yes
Affected Version(s): 7.2 and prior
Underlying OS: Windows (Any)
Impact: See ID 1013636.
No solution was available at the time of this entry.
Workaround:
Disable JavaScript:
Edit / Preferences... / Advanced / Scripts & Plugins: remove selection
from 'Navigator' at 'Enable JavaScript for' section.
When JavaScript was disabled, Netscape 7.2 was not affected any more.
Vendor URL: http://www.netscape.com/ ,
http://channels.netscape.com/ns/browsers/download.jsp
Vendor was contacted on 4th April 2005 with Security Bug Report Form. It
is not possible to get reply by this form "(x) Check this checkbox to
indicate that you understand this is not a place to get support, and
that you will not receive a reply to the information you entered above.
You may not submit a bug report unless you check this box.".
Issue was tested with the following user agent (Windows XP Professional US):
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804
Netscape/7.2 (ax)
Best regards,
Juha-Matti Laurio
Finland
http://www.networksecurity.fi/
|
|