Netscape用户偏好信息泄漏漏洞

漏洞信息详情

Netscape用户偏好信息泄漏漏洞

• CNNVD编号：CNNVD-200211-044
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-1204
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2002-11-29
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  netscape
• 漏洞来源：
  Discovery of this …

Netscape Communicator 4.x版本存在漏洞。攻击者可以通过重新定义user_pref()函数并访问储存在带有预定姓名目录中的prefs.js文件使用链接盗取用户偏好，包括潜在敏感信息，如URL历史，e-mail地址，甚至e-mail密码。

It has been reported that Netscape Communicator 6.x is not affected by this issue. If possible users are advised to upgrade as soon as possible.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: BID
名称: 6215
链接:http://www.securityfocus.com/bid/6215

来源: XF
名称: netscape-preferences-file(10655)
链接:http://www.iss.net/security_center/static/10655.php

来源: www.idefense.com
链接:http://www.idefense.com/advisory/11.19.02c.txt

来源: VULNWATCH
名称: 20021119 iDEFENSE Security Advisory 11.19.02c: Netscape Predictable Directory Structure Allows Theft of Preferences File
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html