[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New Netscape bug (in version 1.12)

> In article <[email protected]>, Ray Cromwell <[email protected]> writes:
> > This bug doesn't seem to crash Netscape, instead, it crashes my XServer
> > as soon as the mail window pops op. I'm too tired right now to try to
> > analyze it, but it might be another stack bug, this time, in the X
> > libraries because Netscape isn't doing any sanity checking.
> This is a bug in your X server, not in netscape.  The X server should
> never crash no matter what you send to it.

  That's true, but it is also true that Netscape should also be
performing some sanity checking on input rather than relying on 
the supporting libraries to be secure. Remember, a hole is a hole.
The last sendmail bug was a buffer overflow in syslog, however,
sendmail still got patched to do bounds checking on the strings
it was passing to syslog. 

  It looks like this is only bug on BSDI2.0/XAccel, and NT3.5/NS1.1. But
is it wise for netscape to be sending 10,000 character strings to GUI
functions anyway?