From a recent BugTraq advisory
---- BEGIN CITE ----
Versions of netscape prior to 4.76 allow a client-side exploit through
a buffer overflow in html code. A malicious website operator can cause
arbitrary code to be executed by the user running the netscape client.
---- END CITE ----
I don't see any details of this in the release notes for 4.76. Do
you have a pointer to the original vulnerability report?g
if you mean a report before FreeBSD's advisory: I'm not aware of any.
Yeah, that's what I meant; I was surprised that the FreeBSD advisory
came out of the blue with no word from Netscape, or even the original
credited vulnerability discoverer.
any news yet?
4.76 errata packages were released.