Vulnerability Development mailing list archives
Request for netscape buffer overflow feedback
From: fish stiqz <fish () ANALOG ORG>
Date: Tue, 13 Mar 2001 22:17:11 -0500
Hi guy/gals. Earlier this year I emailed bugtraq about the overflow in Netscape versions <= 4.76. For more information regarding this bug, go visit my website, I've made a page dedicated to it: http://gibson.analog.org/security/nutscrape I initially only tested this vulnerability on Linux platforms, recently I tried it with successful results on a few other platforms and browsers. These crashes are documented on the "vulnerable.html" page. I am asking that some people please try this on any browser you have, and any Operating System that you have, and email me the results requested on the page. Netscape never responded to this bug, and I find it very interesting that they never even fixed it the first time it was brought up (by Michael Zalewski) in late 2000, and right now I'm trying to get as much information about the bug as possible to facilitate possible exploitation in the future. Thanks so much for your time - fish stiqz. -- fish stiqz <fish () analog org> irc>irl?werd():lame()
Current thread:
- Request for netscape buffer overflow feedback fish stiqz (Mar 13)
- <Possible follow-ups>
- Re: Request for netscape buffer overflow feedback Nasko Oskov (Mar 14)