[8270] in bugtraq
Re: buffer overflow vulnerability in netscape 3.0 to 4.5
daemon@ATHENA.MIT.EDU (Paul Boehm)
Fri Oct 23 19:49:12 1998
Date: Fri, 23 Oct 1998 19:43:29 +0200
Reply-To: Paul Boehm <pb@INSECURITY.NET>
From: Paul Boehm <pb@INSECURITY.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19981023193130.B31216@boehm.org>; from Paul Boehm on Fri,
Oct 23, 1998 at 07:31:30PM +0200
On Fri, Oct 23, 1998 at 07:31:30PM +0200, I wrote:
> Netscape is working on a patch.
oh, and I almost forgot (in fact, i did):
Netscape posted a workaround to their webpage that protects you against
this specific overflow, but also prevents existing plugins from working.
see:
http://www.netscape.com/products/security/resources/bugs/mimebufferoverflow.html
To quote their page, do the following to protect you:
1.In Communicator, select Preferences from the Edit menu.
2.In the Preferences dialog box, select the Navigator category.
3.Select Applications.
4.On the Description list, select the * entry and handled by Plug-in: Netscape
Default.
5.Click on the Edit button.
6.Set Handled By to Unknown: PromptUser.
7.Restart Navigator or Communicator.
bye,
paul
--
.----------------------------------------------------------------------.
| mail: pb@insecurity.net :: url: http://paul.boehm.org |
| irc: infected :: pgp: finger pb@insecurity.net | pgp -fka |
\.....Linux is like a wigwam - no windows, no gates, apache inside..../
