Re: Media Accuracy

Martin Diehl wrote:
>      In the October 16, 1995 issue of PC Week, Spencer F. Katt writes:
>      >Isn't it ironic?  Andreessen creates the WEB while in college; now
>      >college students are finding all the holes in it.  Two students have
>      >uncovered a serious bug in Netscape Navigator, one Katt source
>      >contends.  The browser has a 2K-byte buffer for reading HTML
>      >documents.  Well, these tipsters found that once the page has sent
>      >more than 2K, any assembly code in the HTML document will be
>      >executed.  As an experiment, these kids set up a simple Web server
>      >with some assembly code embedded in the HTML page to overwrite the
>      >client computer's FAT table [sic].  Sure enough, it worked.
>      >[email protected]
>      He might be talking about the (already fixed) bug that allowed an HREF
>      that is longer than 356 bytes to overwrite the stack.  Hadn't heard
>      here that anything would happen other than getting Netscape to crash.
>      No names or URL's were given in the story.  Maybe he needs an update.
>      Maybe we need an update.

  As far as I can tell, this is just an inaccurate re-reporting of
Ray's buffer overflow hack, which we fixed in our security patch.

Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.