-----BEGIN PGP SIGNED MESSAGE-----
Ray Cromwell writes:
I've found a Netscape bug which I suspect is a buffer overflow and may have the potential for serious damage. If it is an overflow bug, then it may be possible to infect every computer which accesses a web page with Netscape. To see the bug, create an html file containing the following:
Oh brother, this is unbelievable!
I'm using Netscape 1.1N under SunOS 4.1.2.
It turns out that the same (or a similar) flaw resides in the Open Location input routine -- perhaps this merely coincides with the code called when a URL is clicked. Anyway, pasting a URL with an overlong domain name a la Ray's example causes two things:
(1) Part of the Open Location window widget, below the entry box, gets overwritten onscreen with a portion of the entered URL.
(2) Netscape crashes with a segmentation fault (no core dump that I can see).
Netscape 1.1N on a PowerMac crashes hard on that URL. If anyone wants to try it out, I've put up a simple page with the URL at http://www.redweb.com/experiment/bug.html *warning* view the source before you click on strange links!!! I don't do PPC assembler, so I can't tell you what happened.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBgAwUBMGJysHIf3YegbdiBAQF/RAJWNVXvLgyPEjVVoGUNoX/AqKlIiT5Axmek
+dCoGJy6CMcP7fq3rB+DAt+SziIaG2X+rUSLt8ih39TBjD1FLAKKsE/VhBHJrp+v
pSoO
=jfLP
-----END PGP SIGNATURE-----
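Added here as an illustration and not code from the post or from Netscape: the failure described above (an overlong domain name copied into a fixed-size buffer, with the neighbouring widget state overwritten and then a segmentation fault) is the classic unchecked copy. The routine below shows the defensive form: it measures the host part of an http:// URL before copying and refuses anything that would not fit. HOST_MAX is an assumed capacity chosen for the example; the post says nothing about how large Netscape's buffer actually was.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not Netscape's code. HOST_MAX is an assumed capacity
 * chosen for illustration; the post does not say how large Netscape's
 * buffer was.
 */
#define HOST_MAX 255

/*
 * Copy the host part of an http:// URL into host[host_cap], refusing
 * input that would not fit.  The unchecked pattern this guards against
 * is strcpy(host, start) into a fixed-size array, which an overlong
 * domain name overruns and corrupts whatever lies beyond the array.
 *
 * Returns 0 on success, -1 if url lacks the http:// prefix,
 * -2 if the host part is empty or longer than host_cap - 1.
 */
int extract_host(const char *url, char *host, size_t host_cap)
{
    static const char prefix[] = "http://";
    const size_t plen = sizeof(prefix) - 1;

    if (host_cap == 0 || strncmp(url, prefix, plen) != 0)
        return -1;

    const char *start = url + plen;
    /* the host ends at the first '/', ':' or at end of string */
    size_t n = strcspn(start, "/:");

    if (n == 0 || n >= host_cap)
        return -2;            /* reject instead of overrunning the buffer */

    memcpy(host, start, n);
    host[n] = '\0';
    return 0;
}

/* Constructed well-formed URL: returns 0 if the host is recovered correctly. */
int demo_normal(void)
{
    char host[HOST_MAX + 1];
    if (extract_host("http://www.example.com:8080/index.html", host, sizeof host) != 0)
        return 1;
    return strcmp(host, "www.example.com") != 0;
}

/* Constructed URL with a 400-character domain name: returns extract_host's code. */
int demo_overlong(void)
{
    char url[512];
    char host[HOST_MAX + 1];
    size_t plen = strlen("http://");

    memcpy(url, "http://", plen);
    memset(url + plen, 'a', 400);
    memcpy(url + plen + 400, "/index.html", sizeof "/index.html"); /* includes NUL */

    return extract_host(url, host, sizeof host);
}

int main(void)
{
    printf("normal URL:   %s\n", demo_normal() == 0 ? "host extracted" : "unexpected failure");
    printf("overlong URL: %s\n", demo_overlong() == -2 ? "rejected" : "NOT rejected");
    return 0;
}
```

The point of the example is the order of operations: the length is established with strcspn and compared against the destination's capacity before a single byte is copied, so an oversized name becomes an error return rather than memory corruption. The same check belongs anywhere a URL is taken from a page, a paste buffer or an Open Location dialog, since all three feed the same kind of fixed-size storage.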