Description
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
Products
- Netscape Communicator 4.05
- Netscape Communicator 4.06
- Netscape Communicator 4.07
- Netscape Communicator 4.0
- Netscape Communicator 4.51
- Netscape Communicator 4.5
- Netscape Communicator 4.5 BETA
- Netscape Communicator 4.61
- Netscape Communicator 4.6
- Netscape Communicator 4.72
- Netscape Communicator 4.7
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2000-0406, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2000-0406 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References