Red Hat Bugzilla – Bug 23608
Netscape Flash plugin buffer overflow
Last modified: 2014-03-16 22:17:58 EDT
All Netscape flash plugins on all platforms contain a trivially exploitable
buffer overflow which allows a hostile website to execute arbitrary code on
Obvious fix is to completely remove the Flash plugin.
Please don't wait until Macromedia publishes a fixed version and Netscape
publishes a new Navigator with this fixed plugin. Macromedia has proven to
be ignorant on this problem.
No, obviously we should just remove Netscape. After all, it's vulnerable
to a buffer overflow that's not been fixed.
In any case, it will be shipped but disabled in 4.76-5.
Actually, the buffer overflow is apparently *not* exploitable, FWIW.
... so we aren't going to disable it, unless someone has information
on how it's exploitable.
It is claimed by the vendor that it's not exploitable. As we don't have the
source (nor the time to disassemble) IMHO one should apply "better safe than
People once claimed that heap malloc() buffers were not maliciously exploitable. The
opposite was shown in the recent past.
Anyway, the flash plugin will be disabled in all my desktop installations
because I don't want to explain to customers why I did ignore the warning, just
because the vendor claimed, that... :-]
According to http://www.macromedia.com/v1/handlers/index.cfm?ID=23294 and
http://www.macromedia.com/v1/handlers/index.cfm?ID=23293 we this time have a
couple of exploitable overflows )-: Time to reopen the bug?