I have found a buffer overflow in Netscape Communicator probably affecting all versions. The problem occurs when Communicator
attempts to validate any key where the key length is > 2k. I have tested this on 4.61 and 4.7, unix (Irix) and Windows. Netscape
has been notified of the problem and expect a fix for 4.8.
As the problem manifests during the check of the key, any portion of the key chain which has a key > 2k triggers the problem. Thus,
the potential for widespread DoS attacks via email. I suspect, but have not pursued, the possibility of exploiting the overflow to
execute arbitrary code.
--
Michael Breuer
mbreuer@siac.com
