Netscape Communicator 4.x allows attackers to use a link to steal a users preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Communicator | Netscape | 4.76 | 4.76 |
Communicator | Netscape | 4.77 | 4.77 |
Communicator | Netscape | 4.61 | 4.61 |
Communicator | Netscape | 4.73 | 4.73 |
Communicator | Netscape | 4.7 | 4.7 |
Communicator | Netscape | 4.78 | 4.78 |
Communicator | Netscape | 4.74 | 4.74 |
Communicator | Netscape | 4.6 | 4.6 |
Communicator | Netscape | 4.72 | 4.72 |
Communicator | Netscape | 4.75 | 4.75 |