Bugtraq mailing list archives
[Bug 131761] Buffer Overflow in Geck/Netscape 5.0/6.0?
From: "Jonathan A. Zdziarski" <jonathan () networkdweebs com>
Date: Tue, 19 Mar 2002 09:01:25 -0500
It looks like this bug was fixed in 0.9.6, and hasn't made its way into the Netscape build yet, and RedHat appears to still be distributing the older browser. The 0.9.6 fix: http://bugzilla.mozilla.org/show_bug.cgi?id=100595 Netscape does not feel that this is a security hole, as the junk being outputted is only pointing to a freed memory buffer. The worse that they feel could happen is that it could cause the browser to crash and possibly spill some contents from the freed memory, but it should not be possible to execute any code by placing data in the right place. Future versions of Netscape should automatically be patched as soon as they build with a version of Mozilla >=0.9.6
Current thread:
- [Bug 131761] Buffer Overflow in Geck/Netscape 5.0/6.0? Jonathan A. Zdziarski (Mar 20)