H-76: Netscape Navigator Security Vulnerability

PROBLEM:       A problem has been identified in the Netscape Navigator. 
PLATFORM:      All platforms running Netscape Navigator 2.0, 3.0, and 
               Communicator 4.0. 
DAMAGE:        This vulnerability may allow a Web site operator to retrieve 
               known files from the hard disks of visiting users by mimicking 
               the submission of a form. 
SOLUTION:      Apply the workaround or the appropriate patch provided below. 
VULNERABILITY  The exploit is not currently available but knownledge of this 
ASSESSMENT:    vulnerability has been highly publicized by the media. 


Introduction
============

Recently, the Internet community was made aware of a bug in the Netscape 
Navigator. Netscape engineers were able to recreated the bug in Netscape 
Communicator and Navigator 2.0 and 3.0.

Known as the privacy bug, it may allow a Web site operator to retrieve known 
files from the hard disks of visiting users by mimicking the submission of a 
form. Under ordinary circumstances, users browsing on known, trusted sites 
are not at risk. However, if a user visits an unknown, untrusted site, the 
operator of that site could potentially retrieve files from a user's hard disk 
through an obscure series of steps. To access a file on the hard drive the 
Web site operator would need to know the exact name and location of the file. 
Even though the bug has been highly publicized, this factor in itself limits 
the possibility of this vulnerability being exploited. 

Netscape released the following statement: "The execution of this attack 
requires specific knowledge of the user's machine to cause harm and so is 
unlikely to be reproduced. Because this specific bug has existed for more 
than a year and a half since Navigator 2.0 -- and Netscape has never had a 
report about this bug or any loss based on this bug -- we believe the risk 
to users from this bug is relatively low."  

CIAC recommends that you apply the workarounds or the appropriate patch 
provided below.      

Workarounds
===========

To remove any risk of this bug, Navigator users should download 
the updated version of Communicator or Navigator, that includes the fix. 
In the interim, users of Navigator 3.0 and Communicator 4.0 can take the 
following steps to enable warning dialog boxes to detect and cancel form 
submissions: 

   In Navigator 3.0: Go to the Options menu and select Security 
                     Preferences. Select the "Submitting a Form 
                     Insecurely" preference to enable that warning 
                     dialog box. 

   In Navigator 4.0: Select the lock in the toolbar to open the 
                     Security Advisor. Select Navigator, then select 
                     the "Sending Unencrypted Information to a Site" 
                     preference to enable that warning dialog box.
 
Patches or Upgrades
===================
      
   Communicator 4.01 for Windows (includes the fix for privacy bug) 
      http://home.netscape.com/download/client_download.html?communicator4.01

   Navigator 3.0
      Fix pending Netscape release.

    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@ciac.org
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org