SECURITYVULNS:DOC:13682
Aug 02, 2006

Netscape/K-Meleon/Flock JavaScript navigator Vulnerability

Description:
The newest versions of the Netscape, K-Meleon and Flock browsers are affected by the JavaScript navigator vulnerability described in http://browserfun.blogspot.com/2006/07/mobb-28-mozilla-navigator-object.html and in Mozilla Foundation Security Advisory 2006-45.

When the method is used in a web page, Java references properties of the window.navigator object as it starts up, causing the browsers to crash or switch to a Not Responding state.

Test result:
The PoC link from the Browser Fun blog causes Netscape and K-Meleon to switch to a Not Responding state. All information in other tabs (layers) was lost, and the browser sessions had to be killed with Windows Task Manager. CPU usage rose remarkably and all available RAM was used; Task Manager reported only 300 kilobytes of free memory out of 384 Mb.

Affected versions:
The vulnerability has been confirmed in Netscape Browser 8.1, K-Meleon 1.0 and Flock 0.7.3.2 on a fully patched Windows 2000 SP4 system.

Solution status:
No updated versions available from the vendor at the time of reporting.

Vendor status:
The K-Meleon developers were contacted on 30th July 2006.

Exploitation requires that the Java plug-in is in use. Java Environment 1.5.0_06 (1.5.0_06-b05) from Sun Microsystems Inc. was used on the test machine.

References:
http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677

Credit:
This vulnerability was reported earlier in Firefox and SeaMonkey by an anonymous person via the Zero Day Initiative program.
Juha-Matti Laurio confirmed this vulnerability in Netscape Browser, K-Meleon and Flock.

Timeline:
28-Jul-2006 - Vulnerability confirmed in Netscape
29-Jul-2006 - Vulnerability confirmed in K-Meleon and Flock
30-Jul-2006 - Vendor was contacted (K-Meleon developers)
30-Jul-2006 - Security companies and several CERT units contacted

Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/
