Security Vulnerability - NS 6.x - Mozilla

Security Advisory - Netscape 6 and Mozilla

It appears that Mozilla's version of XMLHTTP, the XMLHttpRequest object, is vulnerable to the reading of local files by blindly following server-side redirections.

By directing the "open" method to a web page that will redirect to a local/ remote file it is possible to fool Mozilla into thinking it's still in the allowed zone, therefore allowing us to read it.

It is then possible to inspect the content by using the responseText property.

Tested on:

Mozilla 0.9.7, NT4.
Mozilla 0.9.9, Win2000.
Mozilla 0.9.9, NT4.
Netscape 6.1, NT4.
Netscape 6.2.1, Win2000.
Netscape 6.2.2, Win2000.
Netscape 6.2.2, NT4.
---

Netscape blows off new vulnerability warning

A recent advisory from GreyMagic Software demonstrates a minor file access vulnerability in Netscape and Mozilla for Windows, very much like the recent one affecting MS Internet Exploder.

No doubt it will be patched soon and without great difficulty. The potential for malicious exploitation is modest, and the installed user base, being a fraction of IE's, makes this item marginally newsworthy. Only Netscape has taken steps to make it particularly interesting by ostentatiously ignoring GreyMagic's attempts to elicit a response, and to claim the $1000 prize they believe they're entitled to according to the terms of the Netscape Bug Bounty program.


Ramona <sigh!>

 

tested on Netscape 6.2.2 Windows XP