Vulnerabilities > CVE-2001-0596 - Information Disclosure vulnerability in Netscape Navigator 'about:' Domain
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
Vulnerable Configurations
Exploit-Db
| description | Netscape Navigator 4.0.8 'about:' Domain Information Disclosure Vulnerability. CVE-2001-0596. Remote exploit for unix platform |
| id | EDB-ID:20791 |
| last seen | 2016-02-02 |
| modified | 2001-04-09 |
| published | 2001-04-09 |
| reporter | Florian Wesch |
| source | https://www.exploit-db.com/download/20791/ |
| title | Netscape Navigator 4.0.8 - 'about:' Domain Information Disclosure Vulnerability |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-051.NASL |
| description | Florian Wesch has discovered a problem (reported to bugtraq) with the way how Netscape handles comments in GIF files. The Netscape browser does not escape the GIF file comment in the image information page. This allows JavaScript execution in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14888 |
| published | 2004-09-29 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14888 |
| title | Debian DSA-051-1 : netscape - unexpected javascript execution |
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000393
- http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-014-01
- http://marc.info/?l=bugtraq&m=98685237415117&w=2
- http://www.debian.org/security/2001/dsa-051
- http://www.osvdb.org/5579
- http://www.redhat.com/support/errata/RHSA-2001-046.html
- http://www.securityfocus.com/bid/2637
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6344