Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the Acros-Suencksen SSL vulnerability.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Communicator | Netscape | 4.0 (including) | 4.0 (including) |
| Communicator | Netscape | 4.05 (including) | 4.05 (including) |
| Communicator | Netscape | 4.5 (including) | 4.5 (including) |
| Communicator | Netscape | 4.5_beta (including) | 4.5_beta (including) |
| Communicator | Netscape | 4.06 (including) | 4.06 (including) |
| Communicator | Netscape | 4.6 (including) | 4.6 (including) |
| Communicator | Netscape | 4.07 (including) | 4.07 (including) |
| Communicator | Netscape | 4.7 (including) | 4.7 (including) |
| Communicator | Netscape | 4.51 (including) | 4.51 (including) |
| Communicator | Netscape | 4.61 (including) | 4.61 (including) |
| Communicator | Netscape | 4.72 (including) | 4.72 (including) |
References
- http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
- http://www.cert.org/advisories/CA-2000-05.html
- http://www.redhat.com/support/errata/RHSA-2000-028.html
- http://www.securityfocus.com/bid/1188
- http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
- http://www.cert.org/advisories/CA-2000-05.html
- http://www.redhat.com/support/errata/RHSA-2000-028.html
- http://www.securityfocus.com/bid/1188