1995-10-03 - Re: New Netscape bug (in version 1.12)

Header Data

From: Aleph One <aleph1@dfw.net>
To: Ray Cromwell <rjc@clark.net>
Message Hash: cd93f2c7080f34ec6682a6954466eff31f677320ef18a780e5a9c0944292660f
Message ID: <Pine.SUN.3.90.951003114512.29696A-100000@dfw.net>
Reply To: <199510030836.EAA09080@clark.net>
UTC Datetime: 1995-10-03 16:48:32 UTC
Raw Date: Tue, 3 Oct 95 09:48:32 PDT

Raw message

From: Aleph One <aleph1@dfw.net>
Date: Tue, 3 Oct 95 09:48:32 PDT
To: Ray Cromwell <rjc@clark.net>
Subject: Re: New Netscape bug (in version 1.12)
In-Reply-To: <199510030836.EAA09080@clark.net>
Message-ID: <Pine.SUN.3.90.951003114512.29696A-100000@dfw.net>
MIME-Version: 1.0
Content-Type: text/plain

This bug does not crash Netscape 1.1S running on an SGI.

Aleph One / aleph1@dfw.net
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 

On Tue, 3 Oct 1995, Ray Cromwell wrote:

> Date: Tue, 3 Oct 1995 04:36:44 -0400 (EDT)
> From: Ray Cromwell <rjc@clark.net>
> To: cypherpunks@toad.com
> Subject: New Netscape bug (in version 1.12)
> C'punks, 
>   I just got back from a vacation in Raleigh, and downloaded the
> new "fixed" Netscape 1.12. It took me about an hour, but I've
> discovered another bug and potential security hole. This one relates
> to mailto:.
>   The bug is as follows. Create a HTML file with a hyperlink containing
> the following URL
>  foo 
> This bug doesn't seem to crash Netscape, instead, it crashes my XServer
> as soon as the mail window pops op. I'm too tired right now to try to
> analyze it, but it might be another stack bug, this time, in the X
> libraries because Netscape isn't doing any sanity checking.
> I need help testing this bug on other platforms. I have created
> a test page. Go to http://www.gl.umbc.edu/~rcromw1/crash.html
> to test.
> I have also found 2 other bugs that cause stack trashing in v1.1
> however, they are random and I haven't been able to isolate them
> completely yet. (I have created a page on my system, such that if you
> visit it, after you visit about 3 more pages, it crashes)
> What's my point in pursuing this? Netscape's browser is a piece of
> software that runs on millions of computers and in effect, allows
> outside agents to input arbitrary data into that software. As such,
> it is unlike most applications made. Sure, Microsoft Word may have bugs,
> but how many people are downloading hundreds of MS Word documents
> everyday and viewing them? Users of Web browsers are exposing themselves
> like this everyday, and so I think, that web browsers must have higher
> standards of robustness.
> I think Netscape represents an enormous risk to computer security,
> and while I think they are heading in the right direction, there are
> some very basic implementation issues they need to clear up which are
> orthogonal to SSL and credit card transactions. All the cryptography
> in the world won't help you if someone can subvert your cryptobox.
> Netscape needs to do some serious quality assurance work. I've never
> been a QA person in my life, but within a few minutes, I have been
> able to find serious bugs in the software. And while I'm sure
> Netscape's coders are fine people, proof reading your own code,
> code that you look at everyday, becomes rather hard because you
> tend to "see through it". (just like proof reading essays, or messages)
> I think Netscape should hire some outside firm/group to review their
> code under non-disclosure for potential implementation holes.
> -Ray Cromwell <rjc@clark.net>
> P.S. I am running Netscape v1.12 under BSDI2.0 and the XAccel/2.0 server