[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New Netscape bug (in version 1.12)

In article <[email protected]>, Ray Cromwell <[email protected]> writes:

> C'punks, 
>   I just got back from a vacation in Raleigh, and downloaded the
> new "fixed" Netscape 1.12. It took me about an hour, but I've
> discovered another bug and potential security hole. This one relates
> to mailto:.

>   The bug is as follows. Create a HTML file with a hyperlink containing
> the following URL

> <a href="mailto:xxxxxx....(10,000 copies of the letter x)"> foo </a>

> This bug doesn't seem to crash Netscape, instead, it crashes my XServer
> as soon as the mail window pops op. I'm too tired right now to try to
> analyze it, but it might be another stack bug, this time, in the X
> libraries because Netscape isn't doing any sanity checking.

This is a bug in your X server, not in netscape.  The X server should
never crash no matter what you send to it.

> I need help testing this bug on other platforms. I have created
> a test page. Go to http://www.gl.umbc.edu/~rcromw1/crash.html
> to test.

This doesn't crash my X server (SGI Irix 6.2), so it's probably specific
to XAccel.

Sure we spend a lot of money, but that doesn't mean    |  Tom Weinstein
we *do* anything.  --  Washington DC motto             |  [email protected]