Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Request for netscape buffer overflow feedback

From: fish stiqz <fish () ANALOG ORG>
Date: Tue, 13 Mar 2001 22:17:11 -0500
Hi guy/gals.
Earlier this year I emailed bugtraq about the overflow in Netscape
versions <= 4.76.  For more information regarding this bug, go visit my
website, I've made a page dedicated to it:
http://gibson.analog.org/security/nutscrape

I initially only tested this vulnerability on Linux platforms, recently
I tried it with successful results on a few other platforms and browsers.
These crashes are documented on the "vulnerable.html" page.  I am asking
that some people please try this on any browser you have, and any Operating
System that you have, and email me the results requested on the page.
Netscape never responded to this bug, and I find it very interesting that
they never even fixed it the first time it was brought up (by Michael Zalewski)
in late 2000, and right now I'm trying to get as much information about the
bug as possible to facilitate possible exploitation in the future.

Thanks so much for your time

- fish stiqz.

--
fish stiqz <fish () analog org>
   irc>irl?werd():lame()
Previous By Date Next
Previous By Thread Next

Current thread: