From: futplex@pseudonym.com (Futplex)
Date: Wed, 27 Sep 95 20:44:36 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Another Netscape Bug (and possible security hole)
In-Reply-To: <9508278122.AA812233405@ax.asc-yf.wpafb.af.mil>
Message-ID: <199509280344.XAA25414@thor.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Ray Cromwell writes:
# I've found a Netscape bug which I suspect is a buffer overflow and 
# may have the potential for serious damage. 

Mike D. writes:
> Is there any way to avoid/prevent this problem by changing options in 
> NetScape?

I'm afraid there's no way to completely eliminate the problem without getting
the next version of Netscape. There's no apparent way to increase the size of 
the buffer allocated for a URL at runtime. Of course, that would only be of
limited use. Certainly there's no way for a user to really fix the problem by
adding a check on the length of the URL.

However, a certain amount of common sense will go a long way in avoiding ugly
incidents. To put it simply, "look before you leap". Before you click on a
link, look at the status bar at the bottom of the Netscape window (in the
Unix version at least) that displays the URL of the link under the pointer.
To be safe, if it's too long to fit entirely in the status bar, view the
source of the current page to find the complete URL. (Note that when a URL is
too long to fit completely in the status bar, a middle portion of it is elided
with "...")

Also, if the link is labelled "Don't click here !" like one on my homepage,
don't click there ! :}

-Futplex <futplex@pseudonym.com>
"What if you knew her, and found her dead on the ground ?
 How can you run when you know ?" -Neil Young