31 January 2002 Security Advisory From Netscape's home page Cookie Vulnerability A flaw that could potentially allow a malicious web site to read the cookies that another site has stored on a user's computer has been discovered in Netscape 6 through 6.2 versions of the Netscape browser. There are no known instances of this flaw being exploited. This issue does not affect users of Netscape 6.2.1, which is now available for download (at http://home.netscape.com/computing/download/index.html), nor does it effect users of Netscape Communicator 4.x versions. We encourage those using Netscape versions 6 through 6.2 to upgrade to the recently released Netscape 6.2.1. SmartDownload Exploit A potential exploit was discovered for Netscape SmartDownload version 1.3 in which a buffer overflow could potentially be used to execute malicious code on a user's computer. The potential exploit affects Netscape 4.x or Internet Explorer Browser users with SmartDownload 1.3 installed on their computer. This does not affect users running Netscape 6. Netscape has issued SmartDownload version 1.5 which avoids the potential exploit. Although there are no known instances of this exploit ever actually occurring, upgrading to version 1.5 will ensure that you are not affected. Download and install the latest version of SmartDownload or uninstall version 1.3 using the Windows Control Panel's Add/Remove programs option. The Brown Orifice Vulnerability This vulnerability has been identified in Netscape Communicator versions 4.0 through 4.74 on Windows, Macintosh and Unix operating systems. This vulnerability does not affect Netscape 6. Netscape has released Netscape 4.76 and Netscape 6, which are not subject to this vulnerability. Your privacy is important to me. No one on this list can see your email address. If you want to be removed from this list, just hit the reply button and include the word "remove" at the top of the message. Fredo Martin www.workingarts.com Workingarts security advisories are archived at www.workingarts.com/infosecarchives.html