[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape bug update

To: Ray Cromwell <[email protected]>
Subject: Re: Netscape bug update
From: "Perry E. Metzger" <[email protected]>
Date: Fri, 22 Sep 1995 08:26:51 -0400
Cc: [email protected]
In-Reply-To: Your message of "Fri, 22 Sep 1995 02:26:34 EDT." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]


I've decided that I'll pay Sameer for the shirt for Ray,
regardless.

However, if someone else produces the exploit first, they should get
one, too!

.pm

Ray Cromwell writes:
> 
>   I just verified in GDB using a stack trace that the Netscape overflow
> bug I mentioned is indeed a static stack buffer overflow. It trashes
> the stack.
> 
>   What this means is that in theory, it is possible to get a simple
> URL, if clicked on, to execute some code on someone's browser.
> 
>   Now the hard work begins...
> 
> 
> Happy Hacking,
> -Ray
> 
>

References:
- Netscape bug update
  - From: Ray Cromwell <[email protected]>

Prev by Date: Re: Another Netscape Bug (and possible security hole)
Next by Date: Re: first virtual "security" (!!) (was Re: Security Flaw Is Discovered InSoftware Used in Shopping)
Prev by thread: Netscape bug update
Next by thread: Re: Netscape bug update
Index(es):
- Date
- Thread