Netscape 7.02 DoS security flaw reported

Post by **old Harry Waldron** » April 4th, 2003, 11:22 am

I'm sharing this as an FYI ... While these vulnerabilities might exist, I also see this as low risk overall.

Denial of Service in Opera 7 and Netscape 7.02 Browsers
http://www.secadministrator.com/Article ... leID=38590

Reported April 2, 2003, by Marc Schönefeld.

VERSIONS AFFECTED

* Netscape 7.02

* Opera 7 using Sun Microsystems' Java Virtual Machine (JVM), version 1.4.1_02

DESCRIPTION
A vulnerability in Netscape 7.02 and Opera 7 Web browsers can result in a Denial of Service (DoS) condition.

DEMONSTRATION
As proof of concept, the discover posted the following code, which crashes the browsers when they run on Windows XP:

<scr1pt language="Javascript">
t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1);
</scr1pt>

VENDOR RESPONSE
Netscape and Opera haven't yet responded to this concern.

Z_God · Post by **Z_God** » April 4th, 2003, 2:51 pm

Is there any webpage that contains that code so it is possible to try it out?

willll · Post by **willll** » April 19th, 2003, 12:58 pm

yup, it fucks firebird, mozilla, and netscape, but strangely not k-meleon or opera.

its bugs 200016 and 199694 on bugzilla

jgraham · Post by **jgraham** » April 19th, 2003, 4:50 pm

Okay, I'm confused. This just seems to be a way of crashing the browser. How is that a security flaw anymore than any of the other crash bugs reported are? Whst am I missing?