[39873] in Cypherpunks
Re: Netscape bug update
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Sep 22 08:28:29 1995
To: Ray Cromwell <rjc@clark.net>
Cc: cypherpunks@toad.com
In-Reply-To: Your message of "Fri, 22 Sep 1995 02:26:34 EDT."
<199509220626.CAB16453@clark.net>
Reply-To: perry@piermont.com
Date: Fri, 22 Sep 1995 08:26:51 -0400
From: "Perry E. Metzger" <perry@piermont.com>
I've decided that I'll pay Sameer for the shirt for Ray,
regardless.
However, if someone else produces the exploit first, they should get
one, too!
.pm
Ray Cromwell writes:
>
> I just verified in GDB using a stack trace that the Netscape overflow
> bug I mentioned is indeed a static stack buffer overflow. It trashes
> the stack.
>
> What this means is that in theory, it is possible to get a simple
> URL, if clicked on, to execute some code on someone's browser.
>
> Now the hard work begins...
>
>
> Happy Hacking,
> -Ray
>
>
