Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: buffer overflow vulnerability in netscape 3.0 to 4.5
From: smb () RESEARCH ATT COM (Steven M. Bellovin)
Date: Fri, 23 Oct 1998 20:23:18 -0400


In message <19981023193130.B31216 () boehm org>, Paul Boehm writes:
Today news.com reported about a buffer overflow vulnerability in netscape3-4.5
found by Dan Brumleve <nothing () shout net>.

Read the whole story on http://www.news.com/News/Item/0,4,27856,00.html?owv

a sample exploit for linux netscape has been published by Dan Brumleve
on his webpage: http://www.shout.net/~nothing/buffer-overflow-1/index.html

Netscape is working on a patch.

I also have indications that under BSD/OS 4.0, Communicator 4.5 does not
disable Javascript, no matter what the setting.  Can anyone confirm that
on other platforms?  (Not surprisingly, I immediately deleted 4.5...)



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]