[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Media Accuracy

To: [email protected]
Subject: Media Accuracy
From: "Martin Diehl" <[email protected]>
Date: Wed, 18 Oct 95 14:42:35 CST
Sender: [email protected]

     In the October 16, 1995 issue of PC Week, Spencer F. Katt writes:
     
     >Isn't it ironic?  Andreessen creates the WEB while in college; now 
     >college students are finding all the holes in it.  Two students have 
     >uncovered a serious bug in Netscape Navigator, one Katt source 
     >contends.  The browser has a 2K-byte buffer for reading HTML 
     >documents.  Well, these tipsters found that once the page has sent 
     >more than 2K, any assembly code in the HTML document will be 
     >executed.  As an experiment, these kids set up a simple Web server 
     >with some assembly code embedded in the HTML page to overwrite the 
     >client computer's FAT table [sic].  Sure enough, it worked.
     
     >[email protected]
     
     He might be talking about the (already fixed) bug that allowed an HREF 
     that is longer than 356 bytes to overwrite the stack.  Hadn't heard 
     here that anything would happen other than getting Netscape to crash.  
     No names or URL's were given in the story.  Maybe he needs an update.
     Maybe we need an update.
     
     Martin G. Diehl

Follow-Ups:
- Re: Media Accuracy
  - From: Jeff Weinstein <[email protected]>

Prev by Date: Re: Brief Rant (Re: Oh to be a mouse in the corner...)
Next by Date: [NOISE] Re: Netscape rewards are an insult
Prev by thread: Re: digital cash and identity disclosure
Next by thread: Re: Media Accuracy
Index(es):
- Date
- Thread