CVE-1999-1357
Description
Netscape Communicator 4.04–4.7 on Unix renders bytes 0x8b/0x9b as < and >, enabling cross-site scripting in CGI scripts that filter only those ASCII characters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Netscape Communicator versions 4.04 through 4.7 on UNIX operating systems (Linux, Solaris, and others) interpret the byte 0x8b as a < opening tag character and 0x9b as a > closing tag character. CGI programs that filter HTML tags by removing only standard < and > symbols fail to catch these alternative byte representations, leaving a cross‑site scripting (XSS) vector [1].
Exploitation
An attacker can inject arbitrary HTML or JavaScript by including 0x8b and 0x9b bytes in input fields that are later reflected in a web page (e.g., guestbooks, webmail, or filtering systems). No special network position is required beyond the ability to submit crafted data to a vulnerable CGI; the attack executes when another user views the generated page in a vulnerable Netscape version [1].
Impact
Successful exploitation allows an attacker to inject arbitrary HTML or script into the context of the target site, potentially leading to session hijacking, credential theft, or defacement. The attack is limited to victims using a vulnerable Netscape version on UNIX; Windows and Mac versions display the bytes literally and do not parse them as tag delimiters [1].
Mitigation
No official patch from Netscape is mentioned in the available references. The recommended mitigation is to filter or encode all bytes in CGI output, specifically disallowing or encoding 0x8b and 0x9b in addition to the standard < and >. Upgrading to a later browser version that does not interpret these bytes as tag delimiters would also close the vector [1].
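An added example (not part of the CVE record or its reference) contrasting the weak filter described above with byte-level output encoding. It assumes a single-byte (ISO-8859-1) page; the function names and the sample input are constructed for illustration.

```python
"""Added example: naive tag filter vs. byte-level output encoding (constructed input)."""

# Metacharacters of HTML itself, mapped to their entity form.
_HTML_META = {0x26: b"&amp;", 0x3C: b"&lt;", 0x3E: b"&gt;",
              0x22: b"&quot;", 0x27: b"&#39;"}
# Bytes passed through unchanged: printable ASCII plus tab, LF, CR.
_SAFE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def naive_filter(data: bytes) -> bytes:
    """The weak pattern from the description: drop only ASCII '<' and '>'."""
    return bytes(b for b in data if b not in (0x3C, 0x3E))


def encode_for_html(data: bytes) -> bytes:
    """Escape metacharacters; emit every other non-safe byte as a numeric reference.

    Assumption: single-byte output charset, so each byte is one character.
    """
    out = bytearray()
    for b in data:
        if b in _HTML_META:
            out += _HTML_META[b]
        elif b in _SAFE:
            out.append(b)
        else:
            out += b"&#%d;" % b  # covers 0x8b and 0x9b without special-casing
    return bytes(out)


def has_raw_delimiter(data: bytes) -> bool:
    """True if the output still holds a byte the affected browser treats as < or >."""
    return any(b in (0x3C, 0x3E, 0x8B, 0x9B) for b in data)


# Constructed guestbook entry: harmless bold markup written with the alternate bytes.
SAMPLE = b"hello \x8bb\x9bworld\x8b/b\x9b <i>!</i>"

if __name__ == "__main__":
    for name, fn in (("naive", naive_filter), ("encoded", encode_for_html)):
        result = fn(SAMPLE)
        print(f"{name:8} raw delimiter left: {has_raw_delimiter(result)}  {result!r}")
```

On a multi-byte charset such as UTF-8, 0x8b and 0x9b can occur as continuation bytes, so the encoder would need to operate on decoded characters instead of raw bytes.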
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:netscape:communicator:*:*:*:*:*:*:*:* (range: <=4.7)
- cpe:2.3:a:netscape:communicator:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*
- (no CPE) range: 4.04 - 4.7
Patches
No patches discovered yet.
References
- [1] marc.info (nvd)