|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: JPEG COM Marker Processing Vulnerability in Netscape Browsers
From: Solar Designer (solar
FALSE.COM)Date: Thu Jul 27 2000 - 10:43:58 CDT
- Next message: Security: "CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM"
- Previous message: Security: "CONECTIVA LINUX SECURITY ANNOUNCEMENT - GPM"
- In reply to: Isak : "Re: JPEG COM Marker Processing Vulnerability in Netscape Browsers"
- Reply: Solar Designer: "Re: JPEG COM Marker Processing Vulnerability in Netscape Browsers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> I have found that Netscape 4.74 is vulnerable, if you choose
> "View Page Source" in the right-click-menu....
>
> (Only tested on FreeBSD4.0)
We've exchanged a few e-mails with Isak regarding this, and the
conclusion is that Netscape 4.74 is indeed NOT vulnerable, including
on FreeBSD:
> > > Well, my guess is that it crashes due to some other error (related to
> > > the GUI) in this case. The JPEG file isn't even interpreted when you
> > > view it as "source"; what you get is a very long line of text.
That "View Page Source" crash should be investigated, as it's a bug
(not necessarily in Netscape itself) and can theoretically turn out
to be another vulnerability, -- but I can't reproduce it.
Signed,
Solar Designer
- Next message: Security: "CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM"
- Previous message: Security: "CONECTIVA LINUX SECURITY ANNOUNCEMENT - GPM"
- In reply to: Isak : "Re: JPEG COM Marker Processing Vulnerability in Netscape Browsers"
- Reply: Solar Designer: "Re: JPEG COM Marker Processing Vulnerability in Netscape Browsers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]