Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: buffer overflow vulnerability in netscape 3.0 to 4.5
From: pb () INSECURITY NET (Paul Boehm)
Date: Fri, 23 Oct 1998 19:43:29 +0200


On Fri, Oct 23, 1998 at 07:31:30PM +0200, I wrote:
Netscape is working on a patch.

oh, and I almost forgot (in fact, i did):
Netscape posted a workaround to their webpage that protects you against
this specific overflow, but also prevents existing plugins from working.

see:
http://www.netscape.com/products/security/resources/bugs/mimebufferoverflow.html

To quote their page, do the following to protect you:
  1.In Communicator, select Preferences from the Edit menu.
  2.In the Preferences dialog box, select the Navigator category.
  3.Select Applications.
  4.On the Description list, select the * entry and handled by Plug-in: Netscape
    Default.
  5.Click on the Edit button.
  6.Set Handled By to Unknown: PromptUser.
  7.Restart Navigator or Communicator.

bye,
    paul

--
.----------------------------------------------------------------------.
| mail: pb () insecurity net   :: url: http://paul.boehm.org               |
| irc:  infected            :: pgp: finger pb () insecurity net | pgp -fka |
 \.....Linux is like a wigwam - no windows, no gates, apache inside..../



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]