Check or Attack Name: Nav Javascript enabled

The web browser has JavaScript enabled. This option allows the web browser to automatically execute JavaScript code embedded in HTML. The web browser may automatically execute potentially malicious JavaScripts.

Depending on your version, select one of the following choices in Netscape Navigator:

• In Netscape Navigator 2.x, go to Security Preferences and enable 'Disable JavaScript.'

  To set Security Preferences in Netscape Navigator 2.x, follow these steps:

  1. Open Netscape Navigator 2.x.
  2. From the Options menu, select Security Preferences.
  3. Locate the security feature and set it to the recommended value.
  4. Click OK.
  
  
• In Netscape Navigator 3.x, from Network Preferences, go to the Language section and disable 'Enable JavaScript.'

  To set Security Preferences in Netscape Navigator 3.x, follow these steps:

  1. Open Netscape Navigator 3.x.
  2. From the Options menu, select Security Preferences.
  3. Click the General tab.
  4. Locate the security feature and set it to the recommended value.
  5. Click OK.
  
  
• To disable JavaScript via the Registry, follow these steps:


1. Open the Registry Editor. From the Start menu, select Run, type regedt32 (or regedit on Windows 95 or 98 computers), and click OK.
2. Set the 'HKEY_USERS\\Software\Netscape\Netscape Navigator\Java' value 'Enable JavaScript' (type REG_SZ) to 'No'.

CERT Advisory CA-97.20, JavaScript Vulnerability, http://www.cert.org/advisories/CA-97.20.javascript.html