Networksecurity.fi Security Advisory (29-04-2005)
=================================================


Title:             Netscape DOM Nodes Validation Vulnerability
Criticality:       High
Affected software: Netscape 7 Web Browser
Platforms tested:  Windows XP Professional US
Author:            Juha-Matti Laurio <info [at] networksecurity.fi>, <juha-matti.laurio [at] netti.fi>
Date:              29th April, 2005
Advisory ID:       N/A
Location URL:      http://www.networksecurity.fi/advisories/netscape-dom.html (HTML),
                   http://www.networksecurity.fi/advisories/netscape-dom.txt (plain text)
CVE reference:     CAN-2005-1160 assigned for Mozilla Suite and Mozilla Firefox,
                   check http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160 for an updated version

NOTE: See http://www.networksecurity.fi/advisories/netscape-dom.html for a more recent version!

Overview:
A new remote type vulnerability has been reported in Netscape, which can be exploited by malicious people to compromise a user's system.

Details:
This is a code execution type vulnerability.
DOM nodes are not properly validated from the content window.

Tested software versions:
Netscape 7.2
Exact user-agent in use:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)

Solution:
It is recommended to use another web browser (Firefox 1.0.3 is not affected). If this is not possible, the following workaround is provided by the researcher:

Workaround:
Disable JavaScript:
Edit / Preferences... / Advanced / Scripts & Plugins: remove selection from 'Navigator'. Select 'OK' to save changes.

This workaround is tested by the researcher.

References:
http://secunia.com/advisories/15135/
http://www.mozilla.org/security/announce/mfsa2005-41.html
https://bugzilla.mozilla.org/show_bug.cgi?id=289083

Timeline:
23-04-2005 Vulnerability discovered
28-04-2005 Detailed research
28-04-2005 Vendor informed
28-04-2005 Security companies informed
29-04-2005 More security companies and CERT-FI informed
29-04-2005 Advisory published

Revision history:
29-04-2005 1.0: Advisory published
30-04-2005 1.1: HTML version published, updated advisory

Copyright © Networksecurity.fi and Juha-Matti Laurio 2005


Best regards,
Juha-Matti Laurio
IT security researcher
Finland
http://www.networksecurity.fi/