• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Netscape/Mozilla Null Character Cookie Stealing Vulnerability

Solution:
This issue has been addressed in Mozilla v0.9.7 and later, and Netscape v6.2.1 and later.

Upgrades are available:


Netscape Communicator 4.07

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.06

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.08

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Mozilla Browser 0.9.2

• Conectiva mozilla-1.0rc2-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-1.0rc2-1U60_1cl.i 386.rpm


• Conectiva mozilla-1.0rc2-1U60_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/mozilla-1.0rc2-1U60_1cl. src.rpm


• Conectiva mozilla-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-1.0rc2-1U70_1cl.i 386.rpm


• Conectiva mozilla-1.0rc2-1U70_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/mozilla-1.0rc2-1U70_1cl. src.rpm


• Conectiva mozilla-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-1.0rc2-1U8_1cl.i386 .rpm


• Conectiva mozilla-1.0rc2-1U8_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/8/SRPMS/mozilla-1.0rc2-1U8_1cl.src .rpm


• Conectiva mozilla-devel-1.0rc2-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-devel-1.0rc2-1U60 _1cl.i386.rpm


• Conectiva mozilla-devel-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-1.0rc2-1U70 _1cl.i386.rpm


• Conectiva mozilla-devel-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-devel-1.0rc2-1U8_1c l.i386.rpm


• Conectiva mozilla-devel-static-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-static-1.0r c2-1U70_1cl.i386.rpm


• Conectiva mozilla-devel-static-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-devel-static-1.0rc2 -1U8_1cl.i386.rpm


• Conectiva mozilla-irc-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-irc-1.0rc2-1U70_1 cl.i386.rpm


• Conectiva mozilla-irc-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-irc-1.0rc2-1U8_1cl. i386.rpm


• Conectiva mozilla-mail-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-mail-1.0rc2-1U70_ 1cl.i386.rpm


• Conectiva mozilla-mail-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-mail-1.0rc2-1U8_1cl .i386.rpm


• Conectiva mozilla-psm-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-psm-1.0rc2-1U70_1 cl.i386.rpm


• Conectiva mozilla-psm-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-psm-1.0rc2-1U8_1cl. i386.rpm


• Mozilla Mozilla 0.9.7
  http://www.mozilla.org/releases/

Mozilla Browser 0.9.2 .1

• Mozilla Mozilla 0.9.7
  http://www.mozilla.org/releases/

Mozilla Browser 0.9.3

• Mozilla Mozilla 0.9.7
  http://www.mozilla.org/releases/

Mozilla Browser 0.9.4

• Conectiva mozilla-1.0rc2-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-1.0rc2-1U60_1cl.i 386.rpm


• Conectiva mozilla-1.0rc2-1U60_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/mozilla-1.0rc2-1U60_1cl. src.rpm


• Conectiva mozilla-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-1.0rc2-1U70_1cl.i 386.rpm


• Conectiva mozilla-1.0rc2-1U70_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/mozilla-1.0rc2-1U70_1cl. src.rpm


• Conectiva mozilla-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-1.0rc2-1U8_1cl.i386 .rpm


• Conectiva mozilla-1.0rc2-1U8_1cl.src.rpm
  Source RPM.
  ftp://atualizacoes.conectiva.com.br/8/SRPMS/mozilla-1.0rc2-1U8_1cl.src .rpm


• Conectiva mozilla-devel-1.0rc2-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-devel-1.0rc2-1U60 _1cl.i386.rpm


• Conectiva mozilla-devel-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-1.0rc2-1U70 _1cl.i386.rpm


• Conectiva mozilla-devel-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-devel-1.0rc2-1U8_1c l.i386.rpm


• Conectiva mozilla-devel-static-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-static-1.0r c2-1U70_1cl.i386.rpm


• Conectiva mozilla-devel-static-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-devel-static-1.0rc2 -1U8_1cl.i386.rpm


• Conectiva mozilla-irc-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-irc-1.0rc2-1U70_1 cl.i386.rpm


• Conectiva mozilla-irc-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-irc-1.0rc2-1U8_1cl. i386.rpm


• Conectiva mozilla-mail-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-mail-1.0rc2-1U70_ 1cl.i386.rpm


• Conectiva mozilla-mail-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-mail-1.0rc2-1U8_1cl .i386.rpm


• Conectiva mozilla-psm-1.0rc2-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-psm-1.0rc2-1U70_1 cl.i386.rpm


• Conectiva mozilla-psm-1.0rc2-1U8_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-psm-1.0rc2-1U8_1cl. i386.rpm


• Mozilla Mozilla 0.9.7
  http://www.mozilla.org/releases/

Mozilla Browser 0.9.4 .1

• Mozilla Mozilla 0.9.7
  http://www.mozilla.org/releases/

Mozilla Browser 0.9.5

• Mozilla Mozilla 0.9.7
  http://www.mozilla.org/releases/

Mozilla Browser 0.9.6

• Mozilla Mozilla 0.9.7
  http://www.mozilla.org/releases/

Netscape Communicator 4.0

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.4

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.5 BETA

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.5

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.51

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.6

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.61

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.7

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.72

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.73

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.74

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.75

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.76

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.77

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Netscape 4.77 Mac

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Communicator 4.78

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Netscape 6.0 Mac

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Netscape 6.0 1

• HP Netscape 6.21 for hp-ux
  http://www.hp.com/go/netscape

Netscape Netscape 6.1

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html

Netscape Netscape 6.2

• Netscape Netscape 6.2.1
  http://home.netscape.com/download/index.html