[SuSE Linux] Netscape warnings on update page?
Hi, I was looking at the suse updates and there were a couple of warnings on the page <A HREF="ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/pay1/Warning.Netscape"><A HREF="ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/pay1/Warning.Netscape</A">ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/pay1/Warning.Netscape</A</A>> One warning relates to Javascript bugs, and I can understand that. The other warning says not to use netscape for personal mail, this one I don't understand, and wonder what it is about. Does this warning extend to later versions such as 4.5? Quoting: Netscape 4.06 ============= The new Netscape version 4.06 fixes some security bugs in Java[tm] and MIME handling. These are good news for all those who uses Netscape for mailing. Note: DO NOT USE NETSCAPE FOR YOUR PERSONAL MAILS! DO NOT RUN NETSCAPE AS ROOT! - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
On Fri, 27 Nov 1998, zentara wrote:
Hi, I was looking at the suse updates and there were a couple of warnings on the page
<A HREF="ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/pay1/Warning.Netscape"><A HREF="ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/pay1/Warning.Netscape</A">ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.3/pay1/Warning.Netscape</A</A>>
One warning relates to Javascript bugs, and I can understand that.
The other warning says not to use netscape for personal mail, this one I don't understand, and wonder what it is about. Does this warning extend to later versions such as 4.5?
Yes, from the 4.5 Release Notes: "Netscape has recently been alerted to a security vulnerability that affects the Netscape Navigator browser software. The MIME Type Buffer Overflow Vulnerability affects the Unix versions of Netscape Communicator 4.5 (note: Windows and Macintosh are NOT affected). Although Netscape has verified this bug, no customer incidents of lost or stolen data have been reported to Netscape. For more information and updates, see the MIME Type Buffer Overflow Vulnerability page." (<A HREF="http://home.netscape.com/products/security/resources/bugs/mimebufferoverflow.html"><A HREF="http://home.netscape.com/products/security/resources/bugs/mimebufferoverflow.html</A">http://home.netscape.com/products/security/resources/bugs/mimebufferoverflow.html</A</A>>) This bug also affected many other mailers, including Pine versions up to and including 4.02. BTW, I've just noticed the following in the notes as well, which should help whoever was having trouble with Netscape and $CLASSPATH earlier: "You should set the CLASSPATH environment variable only if you need to install special Java files in Communicator. Communicator uses CLASSPATH to find local .class files. If CLASSPATH is set in the user's environment, only the .jar files and directories specified in the CLASSPATH are searched. If you set your CLASSPATH variable, you need to make sure that each .jar file in $MOZILLA_HOME/java/classes is listed individually in your CLASSPATH." Netscape should work fine without $CLASSPATH as long as $MOZILLA_HOME is set. Phil -- Philip Stokes Email: phil@stokes.demon.co.uk Fax: +44 (0)870 164 1242 - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
Philip Stokes wrote:
On Fri, 27 Nov 1998, zentara wrote:
The other warning says not to use netscape for personal mail, this one I don't understand, and wonder what it is about. Does this warning extend to later versions such as 4.5?
Yes, from the 4.5 Release Notes:
"Netscape has recently been alerted to a security vulnerability that affects the Netscape Navigator browser software. The MIME Type Buffer Overflow Vulnerability affects the Unix versions of Netscape Communicator 4.5
(<A HREF="http://home.netscape.com/products/security/resources/bugs/mimebufferoverflow.html"><A HREF="http://home.netscape.com/products/security/resources/bugs/mimebufferoverflow.html</A">http://home.netscape.com/products/security/resources/bugs/mimebufferoverflow.html</A</A>>)
In 4.5 the solution is pretty simple: from the site above, all one has to do is set a couple of things in Preferences. And there's a patch for 4.08 -- Sandy Seeds Going there today with SuSE Linux! - To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
participants (3)
-
phil@stokes.demon.co.uk -
sandyseeds@iname.com -
zentara@mindspring.com