From: jsw@neon.netscape.com (Jeff Weinstein)
To: cypherpunks@toad.com
Message Hash: 08b06357f044d5260add39b4de3ac52c03d80acc0c9c20004abaa63e1a3df2d6
Message ID: <449ucq$f5d@tera.mcom.com>
Reply To: <Pine.SUN.3.91.950925182134.14756E-100000@thrash.src.umd.edu>
UTC Datetime: 1995-09-26 22:22:07 UTC
Raw Date: Tue, 26 Sep 95 15:22:07 PDT
From: jsw@neon.netscape.com (Jeff Weinstein)
Date: Tue, 26 Sep 95 15:22:07 PDT
To: cypherpunks@toad.com
Subject: Re: WSJ on Netscape Hole 3
In-Reply-To: <Pine.SUN.3.91.950925182134.14756E-100000@thrash.src.umd.edu>
Message-ID: <449ucq$f5d@tera.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain
In article <199509252300.QAA29812@infinity.c2.org>, sameer@c2.org (sameer) writes:
> He's -asking- for an exploit. Tshirts to Ray and the person who
> does the exploit, if it gets written. Maybe I should just ring up 8lgm and
> have them do one.
>
>
> >
> > On Mon, 25 Sep 1995, John Young wrote:
> >
> > > The Wall Street Journal, September 25, 1995, p. B12.
> >
> > > Marc Andreessen, vice president of technology at Netscape,
> > > said the company will issue fixes for the recent glitches
> > > later this week. He added that it's unclear whether
> > > anything other than temporarily crashing a user's computer
> > > could result trom the recent flaw.
> >
> > Oh Marc, you didn't really want to say that, did you?
> >
> > -Thomas
> >
I asked Marc about this one, since it bothered me too. Apparently
Jared asked Marc if he was aware of specific examples of how this bug
might be exploited. Marc replied that we had not seen anything
other than what was already posted on cypherpunks.
Since the original article did not use quotes, I assume that what
was written was a paraphrase, and as such it has been interpreted
by the author.
That said, we take this problem seriously, and have
taken steps to fix it. The patch that will be released tomorrow
will include fixes for this buffer overflow, and others that we
found during a review of all of our code. I think it would be
more constructive to pound on the new version than one that is
known to be busted, and will be patched by tomorrow.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
Return to September 1995
Return to “jsw@neon.netscape.com (Jeff Weinstein)”
Unknown thread root