[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Another Netscape Bug (and possible security hole)



Ray Cromwell writes:
> I've found a Netscape bug which I suspect is a buffer overflow and
> may have the potential for serious damage. If it is an overflow bug,
> then it may be possible to infect every computer which accesses a web
> page with Netscape. To see the bug, create an html file containing
> the following:

Oh brother, this is unbelievable !

I'm using Netscape 1.1N under SunOS 4.1.2.

It turns out that the same (or a similar) flaw resides in the Open Location
input routine -- perhaps this merely coincides with the code called when a
URL is clicked. Anyway, pasting a URL with an overlong domain name a la Ray's
example causes two things:

(1) Part of the Open Location window widget, below the entry box, gets
overwritten onscreen with a portion of the entered URL.

(2) Netscape crashes with a segmentation fault (no core dump that I can see).

-Futplex <[email protected]>