Bugtraq mailing list archives
Re: buffer overflow vulnerability in netscape 3.0 to 4.5
From: smb () RESEARCH ATT COM (Steven M. Bellovin)
Date: Fri, 23 Oct 1998 20:23:18 -0400
In message <19981023193130.B31216 () boehm org>, Paul Boehm writes:
Today news.com reported about a buffer overflow vulnerability in netscape3-4.5 found by Dan Brumleve <nothing () shout net>. Read the whole story on http://www.news.com/News/Item/0,4,27856,00.html?owv a sample exploit for linux netscape has been published by Dan Brumleve on his webpage: http://www.shout.net/~nothing/buffer-overflow-1/index.html Netscape is working on a patch.
I also have indications that under BSD/OS 4.0, Communicator 4.5 does not disable Javascript, no matter what the setting. Can anyone confirm that on other platforms? (Not surprisingly, I immediately deleted 4.5...)
Current thread:
- Re: buffer overflow vulnerability in netscape 3.0 to 4.5 Steven M. Bellovin (Oct 23)
- JavaScript and Netscape 4.5 Jukka Suomela (Oct 25)
- Re: JavaScript and Netscape 4.5 Shaju Zachariah (Oct 26)
- <Possible follow-ups>
- Re: buffer overflow vulnerability in netscape 3.0 to 4.5 Michael Tomaino (Oct 23)
- JavaScript and Netscape 4.5 Jukka Suomela (Oct 25)