Bugtraq mailing list archives

Re: Buffer Overflow still exists in Netscape <= 4.76

From: Frank v Waveren <fvw () VAR CX>
Date: Tue, 16 Jan 2001 18:54:10 +0100

On Tue, Jan 16, 2001 at 12:19:43AM -0500, fish stiqz wrote:

All of the above advisories (and all that I've seen) state that netscape
versions up to and including 4.75 are vulnerable, not 4.76.  I have
caused netscape 4.76 on both redhat 6.2 and slackware-current to segfault.
Below is the proof of the pudding:


No dice, apart from a slight rendering bug if you go to the end of the
password field, it doesn't appear to have any problems here.

[/home/fvw] netscape -v
Netscape Lite 4.76/U.S., 06-Oct-00; (c) 1995-2000 Netscape Communications Corp.
[/home/fvw] rpm -qi netscape-navigator
Name        : netscape-navigator           Relocations: /usr
Version     : 4.76                              Vendor: Red Hat, Inc.
Release     : 0.6.2                         Build Date: Mon Nov 13 18:47:54 2000
Size        : 7690589                          License: Commercial
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The Netscape Navigator Web browser.


--
Frank v Waveren                                      Fingerprint: 0EDB 8787
fvw@[var.cx|dse.nl|stack.nl|chello.nl] ICQ#10074100     09B9 6EF5 6425 B855
Public key: http://www.var.cx/pubkey/fvw () var cx-gpg     7179 3036 E136 B85D

Current thread:

Buffer Overflow still exists in Netscape <= 4.76 fish stiqz (Jan 16)
- Re: Buffer Overflow still exists in Netscape <= 4.76 Szilveszter Adam (Jan 16)
- Re: Buffer Overflow still exists in Netscape <= 4.76 Frank v Waveren (Jan 16)
  - Re: Buffer Overflow still exists in Netscape <= 4.76 fish stiqz (Jan 16)
    - Re: Buffer Overflow still exists in Netscape <= 4.76 Arthur Clune (Jan 17)
    - Re: Buffer Overflow still exists in Netscape <= 4.76 Henryk Plötz (Jan 23)