lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5081390.1126744188926.JavaMail.juha-matti.laurio@netti.fi>
Date: Thu Sep 15 01:30:09 2005
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Subject: FireFox Host: Buffer Overflow is not
	justexploitable on FireFox

> Hi Juha!
> 
> > I have informed the vendor Netscape being affected on 9th 
> > September 2005.
> 
> I did the same on the 10th of September - still no reply nor official
> statement from Netscape which makes me a little worried.

Good to know. It seems that's their way to act.
They had a coverage Security Center wp.netscape.com/security/index.html 
earlier, but all these wp.netscape.com pages redirect to Netscape 
Browser 8.0 Main Page when writing this.

> > Disabling IDN support via about:config (or prefs.js file) is 
> > possible in Netscape Browser 8 too. Xpi file for Firefox and 
>
> Correct. I reported that workaround on the 10th of September.
> 
> I did so using both the security address at netscape.com and the "submission
> form" on Netscape's official webpage. I never got any reply/respons from
> netscape. 

Yes, I have similar experiences. I have information that they are 
reading their bug report submissions, however.

> Netscape uses the same rendering engine as Firefox (unless explicitly told
> to use IE) and as such, will also be vulnerable. The workaround, covered by
> the Mozilla Team, will correct the problem simply by disabling IDN.
> 
> Regards
> Peter Kruse

Thanks for sharing the word.

- Juha-Matti

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ