
Re: New Netscape bug (in version 1.12)

This bug does not crash Netscape 1.1S running on an SGI.

Aleph One / [email protected]
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 

On Tue, 3 Oct 1995, Ray Cromwell wrote:

> Date: Tue, 3 Oct 1995 04:36:44 -0400 (EDT)
> From: Ray Cromwell <[email protected]>
> To: [email protected]
> Subject: New Netscape bug (in version 1.12)
> C'punks, 
>   I just got back from a vacation in Raleigh, and downloaded the
> new "fixed" Netscape 1.12. It took me about an hour, but I've
> discovered another bug and potential security hole. This one relates
> to mailto:.
>   The bug is as follows. Create a HTML file with a hyperlink containing
> the following URL
> <a href="mailto:xxxxxx....(10,000 copies of the letter x)"> foo </a>
> This bug doesn't seem to crash Netscape, instead, it crashes my XServer
> as soon as the mail window pops up. I'm too tired right now to try to
> analyze it, but it might be another stack bug, this time, in the X
> libraries because Netscape isn't doing any sanity checking.
> I need help testing this bug on other platforms. I have created
> a test page. Go to http://www.gl.umbc.edu/~rcromw1/crash.html
> to test.
> I have also found 2 other bugs that cause stack trashing in v1.1
> however, they are random and I haven't been able to isolate them
> completely yet. (I have created a page on my system, such that if you
> visit it, after you visit about 3 more pages, it crashes)
> What's my point in pursuing this? Netscape's browser is a piece of
> software that runs on millions of computers and in effect, allows
> outside agents to input arbitrary data into that software. As such,
> it is unlike most applications made. Sure, Microsoft Word may have bugs,
> but how many people are downloading hundreds of MS Word documents
> every day and viewing them? Users of Web browsers are exposing themselves
> like this every day, and so I think, that web browsers must have higher
> standards of robustness.
> I think Netscape represents an enormous risk to computer security,
> and while I think they are heading in the right direction, there are
> some very basic implementation issues they need to clear up which are
> orthogonal to SSL and credit card transactions. All the cryptography
> in the world won't help you if someone can subvert your cryptobox.
> Netscape needs to do some serious quality assurance work. I've never
> been a QA person in my life, but within a few minutes, I have been
> able to find serious bugs in the software. And while I'm sure
> Netscape's coders are fine people, proofreading your own code,
> code that you look at every day, becomes rather hard because you
> tend to "see through it". (just like proofreading essays, or messages)
> I think Netscape should hire some outside firm/group to review their
> code under non-disclosure for potential implementation holes.
> -Ray Cromwell <[email protected]>
> P.S. I am running Netscape v1.12 under BSDI2.0 and the XAccel/2.0 server
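The sanity check Ray says is missing, as an added example that is not part of the thread and not Netscape's code: a small C routine that bounds the length of a mailto: address and rejects non-printable bytes before the string is handed to any mail composer or toolkit call. The 254-byte limit, the function names and the result codes are my assumptions; the routine checks only length and character class, not full address syntax. The 10,000-x link from the message is reconstructed inline as test input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound on an address; 254 is the usual maximum length of an
 * e-mail address. The thread itself gives no figure. */
#define MAILTO_MAX_ADDR 254

/* Outcome codes for mailto_check() (hypothetical names). */
enum mailto_result {
    MAILTO_OK = 0,
    MAILTO_NOT_MAILTO = 1,  /* href does not start with "mailto:" */
    MAILTO_EMPTY = 2,       /* nothing between "mailto:" and '?' / end */
    MAILTO_TOO_LONG = 3,    /* address part exceeds MAILTO_MAX_ADDR */
    MAILTO_BAD_CHAR = 4     /* control or non-ASCII byte in the address */
};

/* Validate a mailto: href and copy just the address into out (size outlen).
 * The length is bounded while scanning, before any copy happens, so an
 * oversized link is refused without ever building an oversized string. */
enum mailto_result mailto_check(const char *href, char *out, size_t outlen)
{
    static const char prefix[] = "mailto:";
    const size_t plen = sizeof(prefix) - 1;
    size_t n;

    if (strncmp(href, prefix, plen) != 0)
        return MAILTO_NOT_MAILTO;
    href += plen;

    /* Stop at '?' so header fields (subject=...) are not counted as address. */
    for (n = 0; href[n] != '\0' && href[n] != '?'; n++) {
        if (n >= MAILTO_MAX_ADDR)
            return MAILTO_TOO_LONG;
        if ((unsigned char)href[n] < 0x20 || (unsigned char)href[n] > 0x7e)
            return MAILTO_BAD_CHAR;
    }
    if (n == 0)
        return MAILTO_EMPTY;
    if (n + 1 > outlen)
        return MAILTO_TOO_LONG;
    memcpy(out, href, n);
    out[n] = '\0';
    return MAILTO_OK;
}

/* Convenience wrapper: check an href using an internal buffer, return the code. */
int mailto_result_of(const char *href)
{
    char buf[MAILTO_MAX_ADDR + 1];
    return (int)mailto_check(href, buf, sizeof buf);
}

/* Build "mailto:" followed by count copies of 'x' (constructed test input
 * modelled on the link in the message) and return the check result. */
int check_long_mailto(size_t count)
{
    char *s = malloc(sizeof("mailto:") + count); /* 7 bytes + count + NUL */
    int rc;
    if (s == NULL)
        return -1;
    memcpy(s, "mailto:", 7);
    memset(s + 7, 'x', count);
    s[7 + count] = '\0';
    rc = mailto_result_of(s);
    free(s);
    return rc;
}

int main(void)
{
    printf("ordinary link : %d\n", mailto_result_of("mailto:[email protected]?subject=hi"));
    printf("10000 x's     : %d\n", check_long_mailto(10000));
    printf("254 x's       : %d\n", check_long_mailto(254));
    printf("255 x's       : %d\n", check_long_mailto(255));
    return 0;
}
```

The point of scanning with a running limit rather than calling strlen first is that the routine never has to walk or copy the full hostile string; it bails out at byte 254 regardless of how long the input is, and the calling code only ever sees a bounded, printable address.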