[Am-info] Netscape/Mozilla IRC Buffer Overflow Vulnerability
Fred A. Miller
fm@cupserv.org
Mon, 6 May 2002 16:44:02 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Netscape/Mozilla IRC Buffer Overflow Vulnerability
BugTraq ID: 4637
Remote: Yes
Date Published: Apr 30 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4637
Summary:
Mozilla is a freely available, open-source web browser. It runs on most
Linux and Unix variants, as well as MacOS and Microsoft Windows
9x/ME/NT/2000/XP operating systems. Netscape is another web-browser
product which runs on the same platforms as Mozilla.
Netscape and Mozilla crash when handling an exceptionally long request
(32KB+) for a channel using the IRC protocol.
An attacker may exploit this issue to crash a web user's browser. This i=
s
most likely to occur via a hyperlink in a malicious webpage, but may also
occur via HTML e-mail.
This issue is most likely due to a buffer overflow condition, but it is
not known whether this condition may be exploited to execute arbitrary
attacker-supplied instructions.
Other browsers based on the Mozilla codebase (such as Galeon) may also be
affected by this issue.
- --=20
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
- --- SuSE Linux v8.0 Pro---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjzW6xIACgkQB9vk4ichYXdc6ACfXeezG9wX2jWARWKuWT2Z1RCq
plIAnj2Tjq3P5h+zjlfrcDEEcwuTlb6Z
=3DmZ7U
-----END PGP SIGNATURE-----