Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a < sign, and the 0x9b character to a > sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Communicator | Netscape | * | 4.7 (including) |
| Communicator | Netscape | 4.04 (including) | 4.04 (including) |
| Communicator | Netscape | 4.51 (including) | 4.51 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=93915331626185\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=93915331626185\u0026w=2