I doubt this in the case of the browser. At least as far as the parsing is concerned. There may be a buffer overflow for example,
Buffer overflow seems like a much greater concern when dealing with a server. Particularly one which is supposedly "secure", and accessing "secured" documents. Even with the server running as 'nobody' if someone can implement buffer overflow to get access to documents they shouldn't then that would count as a pretty significant hack. I suspect that the server is where the majority of the bugs lie. My Hack Netscape page emphasizes the server as a place to look for holes.
when you input the url in the "open" window, but that has to be done manually by the user and isn't a threat, like a "rogue homepage" would be. The reason I doubt string buffer overflows in the case of the browser is that it seems to be written in some object oriented language, perhaps C++ (or maybe just oo-C like BSAFE). Once you have a general robust String class, you can prove it's non-overflowable, and therefore no composition of operations from the browser code will overflow it (unless of course, you break language safety by using casts and pointer manipulation). Secondly, Netscape has been very robust in my own testing against these common bugs. One of the things I've done lately is "tiger team" attacks against servers and browsers. (of course, sendmail is a brilliant counterexample) (if you can find a call to gets() in Netscape, I will instantly retreat ;-) )
Netscape's security may be bad, but the rest of their browser, or at least their development process, is good engineering. They've built a very complex application, fairly quickly, that runs with very few bugs, across a wide variety of operating systems and GUIs, while maintaining a consistent user interface and feature set. Netscape 2.0 incorporated Java, LiveObjects, and more HTML3.0 in almost record time. (I wasn't expecting a Java capable Netscape until at least December). I'd like to see Microsoft develop a piece of code that quickly that runs on umpteen different flavors of Unix, MacOS, and Win3.1/95/NT. Hell, they can't even write code that runs smoothly across all three flavors of their operating system.
-Ray
--
sameer                                  Voice:   510-601-9777
Community ConneXion                     FAX:     510-601-9734
An Internet Privacy Provider            Dialin:  510-658-6376
http://www.c2.org (or login as "guest") sameer@c2.org
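
The "robust String class" argument made in the thread above, as an added C sketch that is not part of the original messages and not Netscape's code. The `bstr` type and the function names are hypothetical; every operation preserves the invariant `len < cap`, so a composition of them can fail but cannot write past the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded string. Invariant: len < cap and buf[len] == '\0'. */
typedef struct {
    char  *buf;  /* caller-owned storage */
    size_t cap;  /* size of buf in bytes, terminator included */
    size_t len;  /* bytes in use, terminator excluded */
} bstr;

/* Establish the invariant on empty storage. */
int bstr_init(bstr *s, char *storage, size_t cap) {
    if (s == NULL || storage == NULL || cap == 0) return -1;
    s->buf = storage;
    s->cap = cap;
    s->len = 0;
    storage[0] = '\0';
    return 0;
}

/* Append src or reject it whole; the invariant holds on both paths. */
int bstr_append(bstr *s, const char *src) {
    size_t n, room;
    if (s == NULL || src == NULL) return -1;
    n = strlen(src);
    room = s->cap - s->len;          /* >= 1 because len < cap */
    if (n >= room) return -1;        /* n bytes plus terminator must fit */
    memcpy(s->buf + s->len, src, n + 1);
    s->len += n;
    return 0;
}

/* A composition of checked operations: it can fail, but cannot overflow. */
int build_url(bstr *out, const char *host, const char *path) {
    if (bstr_append(out, "http://") != 0) return -1;
    if (bstr_append(out, host) != 0) return -1;
    return bstr_append(out, path);
}

int main(void) {
    char storage[32];
    bstr url;
    bstr_init(&url, storage, sizeof storage);
    /* Constructed sample inputs. */
    printf("%d %s\n", build_url(&url, "www.c2.org", "/"), url.buf);
    printf("%d\n", bstr_append(&url, "/a-path-longer-than-the-space-left"));
    return 0;
}
```

The guarantee holds only while callers go through these functions; writing to `buf` or `len` directly is the "casts and pointer manipulation" escape hatch the message mentions.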