Netscape has released a patch for its eponymous Web browser and email client to address several highly critical vulnerabilities.
Three vulnerabilities are reported.
The first is where Netscape allows remote attackers to execute arbitrary code by tricking the user into using the ‘Set as Background’ context menu on an image URL that is really a ‘javascript: URL’ with an evil statement.
The second allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a ‘javascript: URL’, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged ‘chrome: URL’.
Third, it does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
The Netscape 8.0.3.1 patch is available from the Netscape website.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
