April 30th, 2002 10:18 PM
Flaws Uncovered in Netscape, Mozilla
By Brian Morrissey
GreyMagic Software said both Netscape and Mozilla browsers are at risk for an attack that would allow local files to be read.
According to a security posting on its Web site, the Israel-based software company found that a component for retrieving XML documents from a Web server, known as XMLHTTP, can be used to read local files by blindly following server-side redirections.
"By directing the 'open' method to a Web page that will redirect to a local/remote file, it is possible to fool Mozilla into thinking it's still in the allowed zone, therefore allowing us to read it," the warning reads. "It is then possible to inspect the content by using the responseText property."
GreyMagic said it tested Netscape 6.1 and 6.2, for both Windows 2000 and NT4. It also said it tested Mozilla 0.9.7 for NT4 and 0.9.9 for Windows 2000 and NT4.
The warning builds on an advisory from Dec. 15, 2001, posted by a Dutch ISP, which said Microsoft's Internet Explorer browser was vulnerable to the same type of XMLHTTP attack. Microsoft issued a patch for the bug in late February.
As of now, Netscape has not issued a patch for the bug. GreyMagic Security said users "should move to a better performing, less buggy browser."
The rancorous tone arises from GreyMagic's feeling that Netscape did not live up to the promises in its "Bug Bounty Program," which offers $1,000 rewards for finding security flaws. GreyMagic claims it contacted Netscape twice last week, through its online security notification form, but never heard back.
Netscape officials were unavailable for comment.
GreyMagic asserted it always tries to work with software companies on security flaws it finds, but said it would now post Netscape warnings without contacting the company. Recently, GreyMagic posted a batch of warnings about security flaws in Microsoft's Office Web Components. In that instance, too, the company issued the warnings before the problem was patched, saying it could not wait until Microsoft finished investigating the problem.
April 30, 2002
This article mainly talks about Netscape, but what about Mozilla? Has this been fixed in 0.9.8 and above?
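The flaw the article describes is a zone check applied only to the URL a script requests, with server-side redirects then followed unchecked. The sketch below is an added example (not code from the article, GreyMagic, Netscape or Mozilla) that models that behaviour next to a loader that re-checks every hop; the hostnames, the redirect table, the file path and the function names are constructed for illustration.

```javascript
// Constructed redirect table standing in for server responses (null = no redirect).
const REDIRECTS = new Map([
  ["http://site.example/data.xml", null],
  ["http://site.example/moved", "http://site.example/data.xml"],     // same-origin hop
  ["http://site.example/r", "file:///C:/constructed/notes.txt"],     // hop into a local file
  ["http://site.example/x", "http://other.example/private.xml"],     // cross-origin hop
]);
const MAX_HOPS = 5;

function sameOrigin(a, b) {
  return a.protocol === b.protocol && a.host === b.host;
}

// Flawed model: policy is evaluated once, on the requested URL only.
function openCheckedOnce(pageUrl, requested) {
  const page = new URL(pageUrl);
  let current = new URL(requested, page);
  if (!sameOrigin(page, current)) return { allowed: false, finalUrl: current.href };
  for (let hop = 0; hop < MAX_HOPS; hop++) {
    const next = REDIRECTS.get(current.href);
    if (!next) break;
    current = new URL(next, current); // redirect followed without re-checking
  }
  return { allowed: true, finalUrl: current.href };
}

// Corrected model: every URL in the chain must pass the same check.
function openCheckedPerHop(pageUrl, requested) {
  const page = new URL(pageUrl);
  let current = new URL(requested, page);
  for (let hop = 0; hop <= MAX_HOPS; hop++) {
    if (!sameOrigin(page, current)) return { allowed: false, finalUrl: current.href };
    const next = REDIRECTS.get(current.href);
    if (!next) return { allowed: true, finalUrl: current.href };
    current = new URL(next, current);
  }
  return { allowed: false, finalUrl: current.href }; // redirect limit exceeded
}

const PAGE = "http://site.example/index.html";
for (const path of ["/moved", "/r", "/x"]) {
  console.log(path, openCheckedOnce(PAGE, path), openCheckedPerHop(PAGE, path));
}
```

With the per-hop check, only the same-origin redirect is still served; the hops to the local file and to the other host are refused at the point the chain leaves the page's origin.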