Bugtraq mailing list archives

Re: buffer overflow vulnerability in netscape 3.0 to 4.5

From: pb () INSECURITY NET (Paul Boehm)
Date: Fri, 23 Oct 1998 19:43:29 +0200


On Fri, Oct 23, 1998 at 07:31:30PM +0200, I wrote:

Netscape is working on a patch.


oh, and I almost forgot (in fact, i did):
Netscape posted a workaround to their webpage that protects you against
this specific overflow, but also prevents existing plugins from working.

see:
http://www.netscape.com/products/security/resources/bugs/mimebufferoverflow.html

To quote their page, do the following to protect you:
  1.In Communicator, select Preferences from the Edit menu.
  2.In the Preferences dialog box, select the Navigator category.
  3.Select Applications.
  4.On the Description list, select the * entry and handled by Plug-in: Netscape
    Default.
  5.Click on the Edit button.
  6.Set Handled By to Unknown: PromptUser.
  7.Restart Navigator or Communicator.

bye,
    paul

--
.----------------------------------------------------------------------.
| mail: pb () insecurity net   :: url: http://paul.boehm.org               |
| irc:  infected            :: pgp: finger pb () insecurity net | pgp -fka |
 \.....Linux is like a wigwam - no windows, no gates, apache inside..../

Current thread:

13 tiny bytes to show the huge sillyness of our great common bt398 (Oct 21)
- Re: 13 tiny bytes to show the huge sillyness of our great common Tero Pelander (Oct 22)
- bof in sdtcm_convert (Solaris 2.5) Joel Eriksson (Oct 23)
- buffer overflow vulnerability in netscape 3.0 to 4.5 Paul Boehm (Oct 23)
  - Re: buffer overflow vulnerability in netscape 3.0 to 4.5 Paul Boehm (Oct 23)