Title: Netscape Communicator type=password Browser Buffer Overflow Vulnerability
Severity: MODERATE
Description:
Netscape Communicator is susceptible to a buffer overflow when viewing a HTML document with an INPUT tag containing the argument 'type=password' consisting of over 16 KB.
For example, the following code embedded in a HTML document will cause the browser to crash (the 'O' in FORM has been replaced with a zero):
<F0RM action=something method=something>
<INPUT type=password value=16_KB_character_string>
</F0RM>
Depending on the data entered, arbitrary code execution may be made possible but this has not been verified. Only the 'password' type is vulnerable to this exploit. A restart of the application is required in order to regain normal functionality.
Affected Products:
- Netscape Communicator 4.0.0
- Netscape Communicator 4.5.0
- Netscape Communicator 4.51.0
- Netscape Communicator 4.6.0
- Netscape Communicator 4.61.0
- Netscape Communicator 4.7.0
- Netscape Communicator 4.72.0
- Netscape Communicator 4.74.0
- Netscape Communicator 4.75.0
- Netscape Communicator 4.76.0
- SGI IRIX 6.5.11
- SGI IRIX 6.5.12
References:
- Netscape: Netscape Security
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
