Netscape Communicator type=password Browser Buffer Overflow Vulnerability

Netscape Communicator is susceptible to a buffer overflow when viewing a HTML document with an INPUT tag containing the argument 'type=password' consisting of over 16 KB.

For example, the following code embedded in a HTML document will cause the browser to crash (the 'O' in FORM has been replaced with a zero):

<F0RM action=something method=something>
<INPUT type=password value=16_KB_character_string>
</F0RM>

Depending on the data entered, arbitrary code execution may be made possible but this has not been verified. Only the 'password' type is vulnerable to this exploit. A restart of the application is required in order to regain normal functionality.


 

Privacy Statement
Copyright 2010, SecurityFocus