[8280] in bugtraq
Re: buffer overflow vulnerability in netscape 3.0 to 4.5
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Fri Oct 23 23:49:19 1998
Date: Fri, 23 Oct 1998 20:23:18 -0400
Reply-To: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
From: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
X-To: Paul Boehm <pb@insecurity.net>
To: BUGTRAQ@NETSPACE.ORG
In message <19981023193130.B31216@boehm.org>, Paul Boehm writes:
>Today news.com reported about a buffer overflow vulnerability in netscape3-4.5
>found by Dan Brumleve <nothing@shout.net>.
>
>Read the whole story on http://www.news.com/News/Item/0,4,27856,00.html?owv
>
>a sample exploit for linux netscape has been published by Dan Brumleve
>on his webpage: http://www.shout.net/~nothing/buffer-overflow-1/index.html
>
>Netscape is working on a patch.
I also have indications that under BSD/OS 4.0, Communicator 4.5 does not
disable Javascript, no matter what the setting. Can anyone confirm that
on other platforms? (Not surprisingly, I immediately deleted 4.5...)
