OMG: LOL: Netscape hole
Jason
jkenner@mindspring.com
Mon, 27 Nov 2000 14:54:31 -0700
sinck@ugive.com wrote:
> | 3. Problem description:
> |
> | A buffer overflow exists in Netscape's HTML parsing code. By
> | using specially designed code, a remote website could cause
> | arbitrary code to be run on the local machine.
> Now there is a hole. Gives a hole new meaning to "dynamic html".
Might have even given M$ a chance to look good for a few microseconds
if they hadnt been so busy being arrogant about refusing to support
Linux on any level ... As it stands now, its my belief that most pages
exploiting the hole will probably attempt to send code designed to run
on Windows x86 - so that even if the code runs, unless your running
netscape as root (No one is, are they??) it wont likely do harm (cant
access things on a hardware level, isnt designed to delete files thru
linux)
Of course.. <evil grin> netscape, even with this gaping hole, is still
a safer bet on a Linux box than MSIE on a Windows box, due to the
simple fact that all one must do is run the browser as its own
user....
--
jkenner @ mindspring . com__
I Support Linux: _> _ _ |_ _ _ _|
Working Together To <__(_||_)| )| `(_|(_)(_|
To Build A Better Future. | <s>