Title: Netscape Communicator Inconsistent SSL Certificate Warning Vulnerability
Severity: LOW
Description:
From the CERT Advisory (see Credit):
A flaw exists in Netscape Navigator that could allow an attacker to masquerade as a legitimate web site if the attacker can compromise the validity of certain DNS information. This is different from the problem reported in CERT Advisory CA-2000-05, but it has a similar impact.
Within one Netscape session, if a user clicks on "continue" in response to a "hostname does not match name in certificate" error, then that certificate is incorrectly validated for future use in the Netscape session, regardless of the hostname or IP address of other servers that use the certificate.
Affected Products:
- Netscape Communicator 4.0.0
- Netscape Communicator 4.5.0
- Netscape Communicator 4.51.0
- Netscape Communicator 4.6.0
- Netscape Communicator 4.61.0
- Netscape Communicator 4.7.0
- Netscape Communicator 4.72.0
- Netscape Communicator 4.73.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
