OMG: LOL: Netscape hole
sinck@ugive.com
sinck@ugive.com
Mon, 27 Nov 2000 14:14:01 -0700
From Bugtraq:
| ---------------------------------------------------------------------
| Red Hat, Inc. Security Advisory
|
| Synopsis: New Netscape packages available
| Advisory ID: RHSA-2000:109-05
| Issue date: 2000-11-17
| Updated on: 2000-11-27
| Product: Red Hat Linux
| Keywords: netscape HTML buffer overflow
| Cross references: N/A
| ---------------------------------------------------------------------
|
| 1. Topic:
|
| New Netscape packages are available that fix a buffer overflow
| in parsing HTML.
|
| It is recommended that all Netscape users update to the fixed
| packages.
|
| [...]
|
| 3. Problem description:
|
| A buffer overflow exists in Netscape's HTML parsing code. By
| using specially designed code, a remote website could cause
| arbitrary code to be run on the local machine.
Now there is a hole. Gives a hole new meaning to "dynamic html".
David