[COMP] Re: Security: Netscape v4.73 and below

John Madden wrote:
> 
> Just a note: Netscape v4.73 and earlier contains a really strange bug.
> Apparently, it's possible to embed code within JPEG images that Netscape
> actually *executes* on your system because of it mis-handling its rendering of
> the image.  It crashes, and on the way down, executes whatever's in the image.
> 
> I haven't heard a lot about this at the usual security places, so I thought 
> I'd
> pass it on here.  I'm not sure how (or if) this affects Windows users,
> but it's certainly a Unix issue.  Netscape v4.74 is available from Netscape's
> FTP site.
> 
> Btw, this may also contain a fix for the SSL holes Netscape's had for awhile.
> 
> John
> 
> --
> # John Madden  weez@xxxxxxxxxxxxxx ICQ: 2EB9EA
> # Sys-Admin / Webmaster, Avenir Web: http://avenir.dhs.org
> # LANdb: Network Admin Database - http://avenir.dhs.org/landb/
> # NCPweb: Web-based frontend to ncpfs - http://avenir.dhs.org/ncpweb/
> # Linux, Apache, Perl and C: All the best things in life are free!
> 

That's sweet. Do you have the site that explains how to do it? :)

-- 

James Gosnell
 goose@xxxxxxxxxxxx
 ICQ#1727569
 homepage site: http://sapphire.indstate.edu/~gosnellj
 project site: http://premed.dhs.org (currently down)

========================================
Avenir Web's Computers Mailing List

List Modes, Subscription, and General Info:
Go to http://avenir.dhs.org/mailing.html
List Archives: http://avenir.dhs.org/archives/
Administrative Contact: weez@xxxxxxxxxxxxxx

Get computer help: http://avenir.dhs.org
========================================

Other related posts: