Moz Champion (Dan) wrote:
> Netscape Guy wrote:
>> "Moz Champion (Dan)" wrote:
>>
>>>> What I mean by their dead products is Netscape isn't
>>>> developing them anymore.
>>> Microsoft hasn't STOPPED updating XP for security issues
>> But Microsoft has stopped "developing" XP.
>>
>> Be more clear about what you mean by "developing" vs "updating".
>
>
> Updating and 'developing' in response to CERT issues are relatively the
> same thing. Microsoft is still updating XP for security issues. NO ONE
> is updating Netscape (4x, 7x, 8x or 9x) for anything.
>
>>> Microsoft doesn't expect to see the EOL (End of Life) for XP
>>> until 2014.
>> Actually, I think it's 2011 (10 years after it was released, which was
>> Sept / 2001 if I'm not mistaken).
>
> You are out of step, Microsoft has extended the EOL of XP to 2014
>
>>> They will continue to provide support and updates until that time,
>>> so no, XP is NOT DEAD.
>> But is XP still being "developed" ?
>
> 'Develop' and 'Update' with relation to CERT security issues are
> relative. If 'new' code has to be written to have XP contend with a new
> CERT issue, then yes, 'development' will continue until EOL
>
>>
>>> CERT doesn't document threats against outdated/non supported
>>> software.
>> But where are the reports of vulnerabilities to Netscape 4.x (or 7.x)
>> during the time-frame when those versions were current?
>
>
> Why ask me? Why don't you ask the people who make the reports of
> vulnerabilities where the reports are. CERT doesn't 'do' vulnerability
> reports on outdated/non-supported software.
>
>> Where are *any* reports about the specific vulnerabilities that those
>> versions have?
>>
>> (long rant about "non-supported" stuff deleted)
>>
>> All I'm asking for is specific postings or documentation as to what
>> vulnerabilities Netscape 4.x or 7.x were reported or known to have.
>
> Why don't you go to the CERT sites and look them up? Why would anyone
> KEEP such reports when the software is no longer supported?
>
>> All I've seen here so far is hearsay that they had vulnerabilities.
>>
>> In fact, here is one source that (apparently) is still documenting
>> vulnerabilities for all versions of Netscape 4 and higher:
>>
>> http://secunia.com/product/83/?task=advisories
>>
>> And here is the list of vulnerabilities for Netscape 4.7x:
>>
>> http://secunia.com/product/83/?task=advisories
>>
>> Those vulnerabilities are as follows:
>>
>> Macromedia Flash Player Potential Vulnerabilities
>> Vendor Patch. Secunia Advisory 1 of 2 in 2003
>>
>> Java access to protected fields or methods
>> Vendor Patch. Secunia Advisory 2 of 2 in 2003
>>
>> MacroMedia FlashPlayer buffer overrun affects browsers too
>> Vendor Patch. Secunia Advisory 1 of 4 in 2002
>>
>> Internet Explorer / Netscape / Java multiple vulnerabilities
>> Vendor Patch. Secunia Advisory 2 of 4 in 2002
>>
>> Cross Site Scripting in multiple browsers
>> Vendor Patch. Secunia Advisory 4 of 4 in 2002
>>
>> Netscape disclosure of preferences
>> Unpatched. Secunia Advisory 3 of 4 in 2002
>>
>> Only the last of those really is the fault of Netscape 4.7x, and it
>> remains unpatched. Details:
>>
>> http://secunia.com/advisories/7561/
>>
>> ---------------
>> Description:
>>
>> Netscape stores the user preferences in a specific location. This
>> allows an attacker to steal it using javascript, it is required
>> however that the javascript is executed from a local drive or network
>> share.
>>
>> This could possibly reveal the user's real name, email account, email
>> password and more.
>>
>> Solution:
>>
>> This is hardly a security issue, however we regard this as not being
>> critical as it requires an attacker to have local network access and
>> also requires some social engineering.
>>
>> An attacker who has come so far could do far more malicious things.
>>
>> Provided and/or discovered by:
>> Discovered by Bennett Haselton
>> Published by David Endler, iDEFENS
>> ---------------
>>
>> That vulnerability is classified as not critical.
>>
>> The second-last vulnerability in the above list is somewhat esoteric
>> and does not really impact on the e-mail client aspect of Netscape 4.7x.
>>
>> So again I ask:
>>
>> What documented e-mail handling or usenet news-reading/posting
>> vulnerabilities does Netscape 4.7x have?
>
>
> Dozens of such. Look in the archives for them. It is a non-supported
> application tho, and any vulnerabilities will not be addressed.
> MOST of the new 'vulnerabilities' discovered that affect either
> SeaMonkey or Thunderbird will also affect Netscape 7x in a similar
> manner. Whether or not they affect Netscape Communicator 4x is unknown,
> because no one is testing it any longer!
I think you're on a losing battle. Isn't this the same guy
who went on a rampage because Netscape was or wasn't
charging for their product?
--
*IMPORTANT*: Sorry folks, but I cannot provide email help!!!!
Warning: Private emails sent to me may become public
Peter Potamus & His Magic Flying Balloon:
http://www.toonopedia.com/potamus.htm

