New Netscape bug (in version 1.12)

Ray Cromwell rjc at clark.net
Tue Oct 3 23:13:45 PDT 1995


> In article <DFv6uo.4so at sgi.sgi.com>, Ray Cromwell <rjc at clark.net> writes:
> 
> > This bug doesn't seem to crash Netscape, instead, it crashes my XServer
> > as soon as the mail window pops up. I'm too tired right now to try to
> > analyze it, but it might be another stack bug, this time, in the X
> > libraries because Netscape isn't doing any sanity checking.
> 
> This is a bug in your X server, not in Netscape.  The X server should
> never crash no matter what you send to it.

  That's true, but it is also true that Netscape should also be
performing some sanity checking on input rather than relying on 
the supporting libraries to be secure. Remember, a hole is a hole.
The last sendmail bug was a buffer overflow in syslog, however,
sendmail still got patched to do bounds checking on the strings
it was passing to syslog. 

  It looks like this is only a bug on BSDI2.0/XAccel, and NT3.5/NS1.1. But
is it wise for Netscape to be sending 10,000 character strings to GUI
functions anyway? 

-Ray
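
The caller-side check argued for in the message above, as an added example that is not part of the original post and is not Netscape or sendmail code: untrusted input is bounded and cleaned before a supporting library sees it. `library_sink`, `bound_input`, `send_checked` and the 256-byte limit are assumptions made for illustration, and the input is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SINK_MAX 256   /* assumed limit for strings handed to a library */

/* Hypothetical stand-in for a library call (syslog, a GUI text setter)
 * whose internal buffer handling the caller cannot vouch for. */
static char   sink_seen[SINK_MAX + 64];
static size_t sink_len;
static void library_sink(const char *s)
{
    sink_len = strlen(s);
    snprintf(sink_seen, sizeof sink_seen, "%s", s);
}

/* Copy untrusted input into out (capacity outsz), keeping at most
 * outsz-1 bytes and replacing non-printable bytes with '?'.
 * Returns 1 if the input had to be truncated, 0 otherwise. */
int bound_input(const char *in, char *out, size_t outsz)
{
    size_t i = 0;
    if (outsz == 0) return in[0] != '\0';
    for (; in[i] != '\0' && i + 1 < outsz; i++)
        out[i] = isprint((unsigned char)in[i]) ? in[i] : '?';
    out[i] = '\0';
    return in[i] != '\0';
}

/* The caller enforces its own limit before the library sees the data. */
size_t send_checked(const char *untrusted)
{
    char safe[SINK_MAX];
    int cut = bound_input(untrusted, safe, sizeof safe);
    if (cut)                       /* make truncation visible in the output */
        memcpy(safe + sizeof safe - 4, "...", 4);
    library_sink(safe);
    return sink_len;
}

int main(void)
{
    static char big[10001];        /* constructed 10,000-character input */
    memset(big, 'A', 10000);
    big[10000] = '\0';
    printf("passed %zu bytes to the library\n", send_checked(big));
    printf("passed %zu bytes to the library\n", send_checked("hi\x1b[2J"));
    return 0;
}
```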




