Netscape 4.x bug tickled by www.mcafee.com

[December 18, 2000]
Recently, I noticed that many of the pages at www.mcafee.com did not work properly on Netscape 4.x on Linux; most pages appeared blank except for a top navbar. Like the recent bug at www.microsoft.com, it appears to be related to the Javascript statement 'document.write()'.

The bug's effect can be seen by visiting e.g. the page http://www.mcafee.com/aboutus/ with and without Javascript enabled, doing 'Save As' to different files each time, and then comparing them on Unix with the command 'diff -bi'. The most interesting differences are as follows.
First, an excerpt from the page with Javascript disabled:

<td>
<IFRAME SRC="http://directads.mcafee.com/hserver/acc_random=10061572/SITE=Mcafee.com/AREA=Aboutus.homepage/AAMSZ=468x60" NORESIZE SCROLLING=NO HSPACE=0 VSPACE=0 FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0 WIDTH=468 HEIGHT=60>
<SCRIPT SRC="http://directads.mcafee.com/jnserver/acc_random=10061572/SITE=Mcafee.com/AREA=Aboutus.homepage/AAMSZ=468x60">
</SCRIPT>
</IFRAME>
</td>
...
<tr>
<td align=center>
<font face="Arial,Verdana,sans-serif" size=2 style="font-size:12px" color="#FF0000">
<b>Welcome</b>
</font>
</td>
</tr>

This contains the following statement:

<SCRIPT SRC="http://directads.mcafee.com/jnserver/acc_random=10061572/SITE=Mcafee.com/AREA=Aboutus.homepage/AAMSZ=468x60">
</SCRIPT>

which loads the following javascript:

document.writeln("<a href=\"http://directads.mcafee.com/adclick/CID=0000030fc0aa030b00000000/acc_random=10375157/SITE=Mcafee.com/AREA=Aboutus.homepage/AAMSZ=468x60\" target=\"_new\"><img src=\"http://ads.mcafee.com/mcafee_banners/mcafee.com/techknowhow/468x60_mcafee_2.gif\" border=0 alt=\"\" ></a>");
document.close();

which modifies the current document. This Javascript appears to corrupt the current document when run on the Linux version of Netscape 4.76.

The effects of the Javascript- both intended and unintended- can be seen in the same excerpt from the page with Javascript enabled:

<td>
<IFRAME SRC="http://directads.mcafee.com/hserver/acc_random=10369189/SITE=Mcafee.com/AREA=Aboutus.homepage/AAMSZ=468x60" NORESIZE SCROLLING=NO HSPACE=0 VSPACE=0 FRAMEBORDER=0 MARGINHEIGHT=0 MARGINWIDTH=0 WIDTH=468 HEIGHT=60>
<A href="http://directads.mcafee.com/adclick/CID=0000048cc0aa030b00000000/acc_random=10369189/SITE=Mcafee.com/AREA=Aboutus.homepage/AAMSZ=468x60" target="_new">
<IMG src="http://ads.mcafee.com/mcafee_banners/mcafee.com/placeware/cc2k2468x60.gif" border=0 alt="Click Here !" >
</A>
</IFRAME>
</TD>
...
<TR>
<TD align=center>
<FONT face="Arial,Verdana,sans-serif" size=2 style="font-size:12px" color="#FF0000">
<FONT face="Arial,Verdana,sans-serif" size=2 Ttyle="font-size:12px" color="#FF0000">
<B>Welcome</B>
</FONT>
</TD>
</TR>

You can see that the <SCRIPT>...</SCRIPT> has been overwritten by the Javascript with <A>...</A>.
But note the curious repeated FONT tag; the second repetition contains the corrupted attribute

Ttyle="font-size:12px"

This is consistent with corruption caused by document.write() seen on the Microsoft site, and for some reason, this causes Netscape to be unable to display most of the page.

Demo

See my writeup of the recent bug at www.microsoft.com for minimal test cases for a closely related bug.

[Back to www.kegel.com]
Dan Kegel