CVE-2000-0409

Description

Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.

Affected products

• netscape / communicator4.5 – 4.5
• netscape / communicator4.6 – 4.6
• netscape / communicator4.7 – 4.7
• netscape / communicator4.51 – 4.51
• netscape / communicator4.61 – 4.61
• netscape / communicator4.72 – 4.72
• netscape / communicator4.73 – 4.73

References

• MISChttp://www.securityfocus.com/bid/1201
• MISChttp://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html