Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

netscape.coredump.txt

🗓️ 17 Aug 1999 00:00:00Reported by Echo8Type 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

Netscape Navigator core dumps expose sensitive user data including passwords and bookmarks.

Code
`  
Problem with Netscape Navigator Core Dumps  
******************************************  
  
When Netscape Navigator for unix dumps core, at least the following are readily   
extractable from the core dump:  
  
* the complete contents of the user's bookmarks file  
  
* the URL of every site visited in the session  
  
* the text of every site visited in the session  
  
* the complete contents of the user's unix environment  
  
* plaintext of ANY USERNAME/PASSWORD PAIR USED DURING THE SESSION, and the   
urls to which they belong  
  
* the contents of ANY FORM SUBMITTED during the session   
  
This stuff is trivially accessible using the "strings" utility or a binary   
editor. I first noticed this while idly poking at a core left by Netscape when  
it crashed during normal use. When I started testing, I caused dumps by sending  
SIGILL.  
  
Versions tested (and vulnerable):  
  
3.04 - Solaris, linux  
4.04 - Solaris, linux  
4.05 - Solaris  
4.08 - Solaris, linux   
  
Versions on which I could NOT reproduce this (which doesn't mean that problem   
isn't there, just that I couldn't make it happen):  
  
4.5 - Solaris  
  
Other info:  
  
* The cores are dumped into Netscape's cwd, which is usually a user's home  
directory.  
  
* When the cores are dumped, they are dumped with permissions set according to   
the user's umask. So, if permissions on the user's directory and the  
user's umask are 700 and 077 respectively, the core file will not be  
readable by other, non-root users. That being the case, it's probably  
easier to obtain username/password pairs by ethernet sniffing, however,  
that's no reason for Netscape to ignore the problem, and many users  
(including admins) are not so careful about their permissions...  
  
* Netscape was notified of the existence of this probem approximately two weeks  
ago, and I've had no response of any kind.   
  
  
by echo8, 3/4/1999  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
netscape navigatorcore dumpssensitive datauser passwordsbookmarksunix environmentsecurity flaw.
20