From a recent BugTraq advisory (Message-ID: <20001106234541.11EB637B65F.org>) ---- BEGIN CITE ---- Versions of netscape prior to 4.76 allow a client-side exploit through a buffer overflow in html code. A malicious website operator can cause arbitrary code to be executed by the user running the netscape client. ---- END CITE ----
I don't see any details of this in the release notes for 4.76. Do you have a pointer to the original vulnerability report?g
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc
if you mean a report before FreeBSD's advisory: I'm not aware of any.
Yeah, that's what I meant; I was surprised that the FreeBSD advisory came out of the blue with no word from Netscape, or even the original credited vulnerability discoverer.
any news yet?
4.76 errata packages were released.