Bugtraq mailing list archives

Re: buffer overflow vulnerability in netscape 3.0 to 4.5

From: tomaino () UNIXG UBC CA (Michael Tomaino)
Date: Fri, 23 Oct 1998 18:06:46 -0700


Paul Boehm wrote:


On Fri, Oct 23, 1998 at 07:31:30PM +0200, I wrote:

Netscape is working on a patch.


oh, and I almost forgot (in fact, i did):
Netscape posted a workaround to their webpage that protects you against
this specific overflow, but also prevents existing plugins from working.


Just to follow this up..  (I'm sure you all can probably read this
yourselves)

To quote more of the page :
"Setting this prompt will not impair your ability to view pages with
other plug-ins you already have installed and you will retain the
ability to manually download and install new plug-ins as you need them.
"

So there actually is no downside..

Mike.

Current thread:

Re: buffer overflow vulnerability in netscape 3.0 to 4.5 Steven M. Bellovin (Oct 23)
- JavaScript and Netscape 4.5 Jukka Suomela (Oct 25)
  - Re: JavaScript and Netscape 4.5 Shaju Zachariah (Oct 26)
- <Possible follow-ups>
- Re: buffer overflow vulnerability in netscape 3.0 to 4.5 Michael Tomaino (Oct 23)