Subject: please Upgrade to Netscape 4.73
From: Vassily Litvinov (vass@cs.washington.edu)
Date: Tue May 23 2000 - 18:06:46 PDT
John,
Isn't it time to upgrade Netscape on our Solaris boxes?
Thanks,
Vass
---------- Forwarded message ----------
Date: Fri, 19 May 2000 16:05:29 GMT
From: Scott Rose <rose@cs.washington.edu>
Newsgroups: uw-cs.grads
Subject: Security Alert: Please Upgrade to Netscape 4.73
There is a new version of Netscape Communicator-- all platforms-- that
has important security fixes in several areas. In particular, all
versions prior to the new 4.73 release are susceptable to an exploit
of SSL (a.k.a. HTTPS protocol) that could allow a site to hijack an
SSL connection, perhaps in the midst of an "e-commerce" transaction.
Other changes involve fixes to a rather tame problem with
javascript, bookmarks, and cookies, and assorted bugfixes unrelated to
security.
If you use Netscape-- even if you don't use it for e-commerce
transactions-- you are strongly recommended to upgrade.
Because quite a few platforms are supported by Netscape, and because
of legal restrictions on distribution of the "128-bit" version that
most users will prefer, it's not practical for us to cache local
copies of the browser. Except for users running from shared copies
from fileservers, which should have already been updated, you must
update yourself. To do so, browse to
http://home.netscape.com/computing/download/index.html?cp=hom05p1.
On some platforms-- notably, Windows-- you can use the semi-automated
"Smart Update" option that is accessed under the Help:Software Updates
menu. In my experience, this is a more reliable means of upgrading
than the manual approach.
Expect *not* to have to reboot after upgrading.
Wishing more information?
Netscape Security Notes
http://home.netscape.com/security/notes/
CERT Advisory: Netscape Navigator Improperly Validates SSL Sessions
http://www.cert.org/advisories/CA-2000-05.html
Sorry, folks.
This archive was generated by hypermail 2b25 : Tue Oct 03 2000 - 15:21:34 PDT