Bugtraq mailing list archives
Re: Buffer Overflow still exists in Netscape <= 4.76
From: Frank v Waveren <fvw () VAR CX>
Date: Tue, 16 Jan 2001 18:54:10 +0100
On Tue, Jan 16, 2001 at 12:19:43AM -0500, fish stiqz wrote:
All of the above advisories (and all that I've seen) state that netscape versions up to and including 4.75 are vulnerable, not 4.76. I have caused netscape 4.76 on both redhat 6.2 and slackware-current to segfault. Below is the proof of the pudding:
No dice, apart from a slight rendering bug if you go to the end of the password field, it doesn't appear to have any problems here. [/home/fvw] netscape -v Netscape Lite 4.76/U.S., 06-Oct-00; (c) 1995-2000 Netscape Communications Corp. [/home/fvw] rpm -qi netscape-navigator Name : netscape-navigator Relocations: /usr Version : 4.76 Vendor: Red Hat, Inc. Release : 0.6.2 Build Date: Mon Nov 13 18:47:54 2000 Size : 7690589 License: Commercial Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Summary : The Netscape Navigator Web browser. -- Frank v Waveren Fingerprint: 0EDB 8787 fvw@[var.cx|dse.nl|stack.nl|chello.nl] ICQ#10074100 09B9 6EF5 6425 B855 Public key: http://www.var.cx/pubkey/fvw () var cx-gpg 7179 3036 E136 B85D
Current thread:
- Buffer Overflow still exists in Netscape <= 4.76 fish stiqz (Jan 16)
- Re: Buffer Overflow still exists in Netscape <= 4.76 Szilveszter Adam (Jan 16)
- Re: Buffer Overflow still exists in Netscape <= 4.76 Frank v Waveren (Jan 16)
- Re: Buffer Overflow still exists in Netscape <= 4.76 fish stiqz (Jan 16)
- Re: Buffer Overflow still exists in Netscape <= 4.76 Arthur Clune (Jan 17)
- Re: Buffer Overflow still exists in Netscape <= 4.76 Henryk Plötz (Jan 23)
- Re: Buffer Overflow still exists in Netscape <= 4.76 fish stiqz (Jan 16)