1995-10-03 - New Netscape bug (in version 1.12)

Header Data

From: Ray Cromwell <rjc@clark.net>
To: cypherpunks@toad.com
Message Hash: d6feec89a436d76d60373a94587a0bb707f5bd42b389cab29acfcfe4a00d9ec5
Message ID: <199510030836.EAA09080@clark.net>
Reply To: N/A
UTC Datetime: 1995-10-03 08:36:55 UTC
Raw Date: Tue, 3 Oct 95 01:36:55 PDT

Raw message

From: Ray Cromwell <rjc@clark.net>
Date: Tue, 3 Oct 95 01:36:55 PDT
To: cypherpunks@toad.com
Subject: New Netscape bug (in version 1.12)
Message-ID: <199510030836.EAA09080@clark.net>
MIME-Version: 1.0
Content-Type: text/plain



C'punks, 
  I just got back from a vacation in Raleigh, and downloaded the
new "fixed" Netscape 1.12. It took me about an hour, but I've
discovered another bug and potential security hole. This one relates
to mailto:.

  The bug is as follows. Create an HTML file with a hyperlink containing
the following URL:

 foo 

This bug doesn't seem to crash Netscape; instead, it crashes my X server
as soon as the mail window pops up. I'm too tired right now to try to
analyze it, but it might be another stack bug, this time in the X
libraries, because Netscape isn't doing any sanity checking.

I need help testing this bug on other platforms. I have created
a test page. Go to http://www.gl.umbc.edu/~rcromw1/crash.html
to test.

I have also found 2 other bugs that cause stack trashing in v1.1;
however, they are random and I haven't been able to isolate them
completely yet. (I have created a page on my system such that if you
visit it, after you visit about 3 more pages, it crashes.)

What's my point in pursuing this? Netscape's browser is a piece of
software that runs on millions of computers and in effect, allows
outside agents to input arbitrary data into that software. As such,
it is unlike most applications made. Sure, Microsoft Word may have bugs,
but how many people are downloading hundreds of MS Word documents
every day and viewing them? Users of Web browsers are exposing themselves
like this every day, and so I think that web browsers must have higher
standards of robustness.


I think Netscape represents an enormous risk to computer security,
and while I think they are heading in the right direction, there are
some very basic implementation issues they need to clear up which are
orthogonal to SSL and credit card transactions. All the cryptography
in the world won't help you if someone can subvert your cryptobox.
Netscape needs to do some serious quality assurance work. I've never
been a QA person in my life, but within a few minutes, I have been
able to find serious bugs in the software. And while I'm sure
Netscape's coders are fine people, proofreading your own code,
code that you look at every day, becomes rather hard because you
tend to "see through it" (just like proofreading essays or messages).
I think Netscape should hire some outside firm/group to review their
code under non-disclosure for potential implementation holes.

-Ray Cromwell <rjc@clark.net>
P.S. I am running Netscape v1.12 under BSDI2.0 and the XAccel/2.0 server
