[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Another Netscape Bug (and possible security hole)
>
> No, you *can* put 0x22, 0x3e and 0x2f by using respectively
> " > and / html constructs (&#nnn; nn decimal ascii code)
> unfortunatly � is not recognized but you can probaly use any number
> substracted by itself or even short lda#0 (depending on the cpu),...if
> you need a zero,...(what for ?)
Oh that's great.. netscape might -not- be doing the conversion
before it crashes though.. worth a shot to check though, without a
doubt.
>
> I hope this helps too, btw, anywone having contacts on the 8lgm folks?
> they must have experience with that kind of stuff...
Karl told me that it's their policy only to do exploits for
bugs they have found themselves.
> Even if a patch should be availble now, making a demonstration is
> still interesting IMO [specially when you know that there are still
> ppl around using netscape 0.9x beta, and even ppl 'selling' it in ISP
> access packages!...]
Look at http://www.c2.org/ with an unpatched
netscape. Hopefully other sites will do similar things.
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") [email protected]