Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13951
HistoryAug 21, 2006 - 12:00 a.m.

Netscape Concurrency-related Memory Corruption Vulnerability

2006-08-2100:00:00
vulners.com
9

The newest version of Netscape Browser is affected to so-called concurrency-related XML handler memory corruption vulnerability disclosed on Bugtraq recently.
When visiting the test link http://lcamtuf.coredump.cx/ffoxdie.html (included to the original vulnerability report related to Firefox) browser crashed immediately generating Application Error. No user interaction was needed.

Affected versions:
Vulnerability has been confirmed in Netscape Browser 8.1 in Windows 2000 SP4 fully patched.

Solution status:
No updated version available from the vendor at the time of reporting.

Workarounds:
The following working workaround has been tested: Disable JavaScript support from Tools / Options… / Site Controls.

Vendor Homepage:
http://browser.netscape.com/ns8/

Credit:
This vulnerability was reported earlier in Firefox 1.5.0.6 by Michal Zalewski.
Juha-Matti Laurio confirmed this vulnerability in Netscape.

Timeline:
18-Aug-2006 - Vulnerability confirmed in Netscape
19-Aug-2006 - Vendor was contacted
19-Aug-2006 - Security companies and several CERT units contacted

Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/