Netscape bug update
I just verified in GDB using a stack trace that the Netscape overflow bug I mentioned is indeed a static stack buffer overflow. It trashes the stack.

What this means is that in theory, it is possible to get a simple URL, if clicked on, to execute some code on someone's browser.

Now the hard work begins...

Happy Hacking,
-Ray
I've decided that I'll pay Sameer for the shirt for Ray, regardless. However, if someone else produces the exploit first, they should get one, too!

.pm

Ray Cromwell writes:
I just verified in GDB using a stack trace that the Netscape overflow bug I mentioned is indeed a static stack buffer overflow. It trashes the stack.
What this means is that in theory, it is possible to get a simple URL, if clicked on, to execute some code on someone's browser.
Now the hard work begins...
Happy Hacking, -Ray
On Sep 22, 2:26, Ray Cromwell sent the following to the NSA's mail archives:
Subject: Netscape bug update
||
|| I just verified in GDB using a stack trace that the Netscape overflow
|| bug I mentioned is indeed a static stack buffer overflow. It trashes
|| the stack.
||
|| What this means is that in theory, it is possible to get a simple
|| URL, if clicked on, to execute some code on someone's browser.
||
|| Now the hard work begins...
||
This is a new feature of Netscape 2.0, part of the Java package I believe... ;-)

--
==========================================================================
David J. Bianco | Web Wonders, Online Oddities, Cool Stuff
iTribe, Inc. | Phone: (804) 446-9060 Fax: (804) 446-9061
Suite 1700, World Trade Center | email: <bianco@itribe.net>
Norfolk, VA 23510 | URL : http://www.itribe.net/~bianco/
participants (3): David J. Bianco, Perry E. Metzger, Ray Cromwell