[15981] in bugtraq
Re: JPEG COM Marker Processing Vulnerability in Netscape Browsers
daemon@ATHENA.MIT.EDU (Solar Designer)
Thu Jul 27 15:15:03 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID: <200007271543.TAA06053@false.com>
Date: Thu, 27 Jul 2000 19:43:58 +0400
Reply-To: Solar Designer <solar@FALSE.COM>
From: Solar Designer <solar@FALSE.COM>
X-To: isak.h@LINUXMAIL.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000726014711.14395.qmail@securityfocus.com> from
=?KOI8-R?Q?Isak_Holmstr=F6m?= at "Jul 26, 0 01:47:11 am"
> I have found that Netscape 4.74 is vulnerable, if you choose
> "View Page Source" in the right-click-menu....
>
> (Only tested on FreeBSD4.0)
We've exchanged a few e-mails with Isak regarding this, and the
conclusion is that Netscape 4.74 is indeed NOT vulnerable, including
on FreeBSD:
> > > Well, my guess is that it crashes due to some other error (related to
> > > the GUI) in this case. The JPEG file isn't even interpreted when you
> > > view it as "source"; what you get is a very long line of text.
That "View Page Source" crash should be investigated, as it's a bug
(not necessarily in Netscape itself) and can theoretically turn out
to be another vulnerability, -- but I can't reproduce it.
Signed,
Solar Designer
