Jeff Weinstein writes:
I suspect that there are far more flaws in Netscape. String buffer overflows are another good guess here -- they are probably rampant through the code both for the browser and the commerce server they sell. I can't prove it myself, of course, given that I don't have the time to rip the thing apart, but the same folks never seemed to learn their lesson in release after release when they worked at NCSA, and the only thing that's probably keeping their dignity here is the lack of distributed source code.
Sigh. For your information, the security code for 1.x versions of Netscape was not even written by someone from NCSA.
If there is ANY place in the code that I can do a data driven buffer overflow, I can force you to execute code that I supply. I don't give a damn if it's in the "security" code. It makes no difference where it is. If there is a chink, that's it -- you're meat. Besides, the "security code" obviously was written by someone who doesn't understand anything about cryptography and yet presumed to play cryptographer. A person who thinks seeding things off the time makes for a good PRNG is capable of almost anything.
In the places in the code that I have seen where it looked like such errors could have crept in, I have found that the correct checks for buffer overflow have been in place.
I have very serious doubts in this regard -- VERY serious doubts, especially given what I've been told by several former Netscape employees. Perry