C'punks, I just got back from a vacation in Raleigh, and downloaded the new "fixed" Netscape 1.12. It took me about an hour, but I've discovered another bug and potential security hole. This one relates to mailto:.

The bug is as follows. Create an HTML file with a hyperlink containing the following URL: foo

This bug doesn't seem to crash Netscape; instead, it crashes my X server as soon as the mail window pops up. I'm too tired right now to try to analyze it, but it might be another stack bug, this time in the X libraries, because Netscape isn't doing any sanity checking. I need help testing this bug on other platforms. I have created a test page. Go to http://www.gl.umbc.edu/~rcromw1/crash.html to test.

I have also found 2 other bugs that cause stack trashing in v1.1; however, they are random and I haven't been able to isolate them completely yet. (I have created a page on my system such that if you visit it, after you visit about 3 more pages, it crashes.)

What's my point in pursuing this? Netscape's browser is a piece of software that runs on millions of computers and, in effect, allows outside agents to input arbitrary data into that software. As such, it is unlike most applications made. Sure, Microsoft Word may have bugs, but how many people are downloading hundreds of MS Word documents every day and viewing them? Users of Web browsers are exposing themselves like this every day, and so I think that web browsers must have higher standards of robustness.

I think Netscape represents an enormous risk to computer security, and while I think they are heading in the right direction, there are some very basic implementation issues they need to clear up which are orthogonal to SSL and credit card transactions. All the cryptography in the world won't help you if someone can subvert your cryptobox. Netscape needs to do some serious quality assurance work. I've never been a QA person in my life, but within a few minutes I have been able to find serious bugs in the software.
And while I'm sure Netscape's coders are fine people, proofreading your own code, code that you look at every day, becomes rather hard because you tend to "see through it" (just like proofreading essays or messages). I think Netscape should hire some outside firm/group to review their code under non-disclosure for potential implementation holes.

-Ray Cromwell <rjc@clark.net>

P.S. I am running Netscape v1.12 under BSDI 2.0 and the XAccel/2.0 server
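The post blames the crash on a mailto: address reaching the X libraries with no sanity checking in between. The following is an added example of the kind of check a browser's mailto: handler could apply before copying the address into a fixed-size buffer or handing it to another library; it is not Netscape's code, the post does not show what the crashing URL contained, and the MAILTO_ADDR_MAX bound, the function name and the sample URLs are this example's own assumptions. The unsafe pattern it replaces is a plain strcpy of the address into a stack buffer with no length check, which is what a "stack bug" from missing sanity checking usually looks like.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bound on a mailto: address; a constructed value, not a
 * constant from any real browser. */
#define MAILTO_ADDR_MAX 256

/* Copy the address part of a "mailto:" URL into out (capacity outlen).
 * Returns 0 on success and -1 if the URL is not a mailto: URL, the
 * address is empty, it would not fit in out together with its NUL
 * terminator, or it contains bytes that do not belong in an address
 * (8-bit bytes, control characters, spaces).  Rejecting before copying
 * is the point: a fixed stack buffer plus an unchecked strcpy of
 * attacker-supplied URL text is the classic stack-trashing pattern. */
int parse_mailto(const char *url, char *out, size_t outlen)
{
    static const char prefix[] = "mailto:";
    const size_t plen = sizeof(prefix) - 1;
    const char *addr;
    size_t n;

    if (url == NULL || out == NULL || outlen == 0)
        return -1;
    if (strncmp(url, prefix, plen) != 0)
        return -1;

    addr = url + plen;

    /* Measure the address, but stop as soon as we know it cannot fit;
     * there is no reason to walk an arbitrarily long hostile string. */
    for (n = 0; n < outlen && addr[n] != '\0'; n++)
        ;
    if (n == 0 || n >= outlen)      /* empty, or no room for the NUL */
        return -1;

    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)addr[i];
        if (c >= 0x80 || !isprint(c) || c == ' ')
            return -1;
    }

    memcpy(out, addr, n);
    out[n] = '\0';
    return 0;
}

/* Stand-alone demonstration on constructed inputs. */
int main(void)
{
    char buf[MAILTO_ADDR_MAX];
    const char *samples[] = {
        "mailto:rjc@clark.net",                         /* accepted */
        "http://www.gl.umbc.edu/~rcromw1/crash.html",   /* not mailto: */
        "mailto:",                                      /* empty address */
        "mailto:bad\x01addr",                           /* control byte */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = parse_mailto(samples[i], buf, sizeof buf);
        printf("%-48s -> %s\n", samples[i],
               rc == 0 ? buf : "rejected");
    }
    return 0;
}
```

The caller passes its own buffer size, so the check and the copy cannot drift apart if the buffer is later resized; that is the property an unbounded strcpy lacks.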