Bug 20462 - Netscape 4.75 buffer overflow
Netscape 4.75 buffer overflow
Product: Red Hat Linux
Classification: Retired
Component: netscape (Show other bugs)
All Linux
high Severity medium
: ---
: ---
Assigned To: Bill Nottingham
David Lawrence
: Security
Depends On:
  Show dependency treegraph
Reported: 2000-11-07 07:59 EST by Daniel Roesen
Modified: 2014-03-16 22:17 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-11-10 12:06:18 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Daniel Roesen 2000-11-07 07:59:22 EST
From a recent BugTraq advisory
(Message-ID:  <20001106234541.11EB637B65F@hub.freebsd.org>)

---- BEGIN CITE ----
Versions of netscape prior to 4.76 allow a client-side exploit through
a buffer overflow in html code. A malicious website operator can cause
arbitrary code to be executed by the user running the netscape client.
---- END CITE ----
Comment 1 Bill Nottingham 2000-11-07 12:42:08 EST
I don't see any details of this in the release notes for 4.76. Do
you have a pointer to the original vulnerability report?g
Comment 3 Daniel Roesen 2000-11-07 13:47:15 EST
if you mean a report before FreeBSD's advisory: I'm not aware of any.
Comment 4 Bill Nottingham 2000-11-07 15:41:48 EST
Yeah, that's what I meant; I was surprised that the FreeBSD advisory
came out of the blue with no word from Netscape, or even the original
credited vulnerability discoverer.
Comment 5 Daniel Roesen 2000-11-10 12:06:15 EST
any news yet?
Comment 6 Bill Nottingham 2000-11-19 00:56:32 EST
4.76 errata packages were released.

Note You need to log in before you can comment on or make changes to this bug.