Title: Netscape DOM Nodes Validation Vulnerability
Criticality: High
Affected software: Netscape 7 web browser
Non-affected: Netscape Browser 8.0 and newer (since 19th May, 2005)
Platforms tested: Windows XP Professional US
Author: Juha-Matti Laurio info [at] networksecurity.fi, juha-matti.laurio [at] netti.fi
Date: 29th April, 2005
Advisory ID: N/A (#1)
Location URL: http://www.networksecurity.fi/advisories/netscape-dom.htm (HTML),
http://www.networksecurity.fi/advisories/netscape-dom.txt (plain text)
CVE reference: CAN-2005-1160 assigned for Mozilla Suite and Mozilla Firefox,
check cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160 for an updated version
Overview:
A new remotely exploitable vulnerability has been reported in Netscape. Malicious people can exploit it to compromise a user's system.
Details:
This is a code execution vulnerability.
DOM nodes from the content window are not properly validated.
Tested software versions:
Netscape 7.2
Exact user-agent in use:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
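An added example, not part of the original advisory: a way to list clients that still announce Netscape 7 in web server or proxy access logs, using the product token from the user-agent above. The combined log format, the label names and the sample log lines are assumptions made for illustration, and a user-agent string is self-reported, so treat the result as an inventory hint only.

```python
import re
from collections import Counter

# Product token as it appears in the advisory's user-agent ("Netscape/7.2").
# The optional digit also catches the older "Netscape6/6.x" token form.
NETSCAPE_TOKEN = re.compile(r"\bNetscape\d?/(\d+)\.(\d+)")
# Assumed combined log format: the line ends with "referer" "user-agent".
UA_FIELD = re.compile(r'"[^"]*" "([^"]*)"\s*$')

def classify_user_agent(ua):
    """Map a user-agent string to the advisory's affected/non-affected split."""
    m = NETSCAPE_TOKEN.search(ua)
    if not m:
        return "no-netscape-token"
    major = int(m.group(1))
    if major == 7:
        return "affected"        # advisory: Netscape 7 (7.2 tested)
    if major >= 8:
        return "not-affected"    # advisory: Netscape Browser 8.0 and newer
    return "not-covered"         # versions the advisory does not mention

def affected_clients(log_lines):
    """Return {client_ip: request_count} for requests from affected browsers."""
    hits = Counter()
    for line in log_lines:
        m = UA_FIELD.search(line)
        if m and classify_user_agent(m.group(1)) == "affected":
            hits[line.split(" ", 1)[0]] += 1
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Apr/2005:10:00:01 +0300] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)"',
    '192.0.2.10 - - [29/Apr/2005:10:00:05 +0300] "GET /a HTTP/1.1" 200 90 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)"',
    '198.51.100.7 - - [20/May/2005:09:12:44 +0300] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050519 Netscape/8.0.1"',
    '203.0.113.3 - - [20/May/2005:09:13:02 +0300] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3"',
]

if __name__ == "__main__":
    for ip, count in affected_clients(SAMPLE_LOG).items():
        print(f"{ip}: {count} request(s) from a Netscape 7 user-agent")
```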
Solution:
It is recommended to use another web browser (Firefox 1.0.3 is not affected). If this is not possible, the following workaround is provided by the researcher:
Workaround:
Disable JavaScript:
Edit / Preferences... / Advanced / Scripts & Plugins: remove the selection from 'Navigator'. Select 'OK' to save the changes.
This workaround has been tested by the researcher.
Updated: Update to Netscape Browser 8.0 or newer:
browser.netscape.com/ns8/download/default.jsp
References:
secunia.com/advisories/15135/
www.securityfocus.com/bid/13233/
www.mozilla.org/security/announce/mfsa2005-41.html
bugzilla.mozilla.org/show_bug.cgi?id=289083
Timeline:
23-04-2005 Vulnerability discovered
28-04-2005 Detailed research
28-04-2005 Vendor contacted
28-04-2005 Security companies informed
29-04-2005 More security companies and CERT-FI informed
29-04-2005 Advisory published
11-05-2005 Cyber Security Bulletin SB05-131 published
19-05-2005 Vendor issues fix. Security companies informed about Netscape 8 release
20-05-2005 New tests done with Netscape 8.0.1. More security companies and CERT-FI informed
Revision history:
29-04-2005 1.0: Advisory published
30-04-2005 1.1: HTML version published, updated advisory
02-05-2005 1.2: Updated advisory
19-05-2005 1.3: Netscape 8.0 released. Updated advisory
20-05-2005 1.4: Netscape 8.0.1 released. Updated advisory
28-05-2005 1.5: Updated advisory by adding references and information about US-CERT SB05-131
Copyright © Networksecurity.fi and Juha-Matti Laurio 2005
Best regards,
Juha-Matti Laurio
IT security researcher
Finland
www.networksecurity.fi