Re: Patch Day November 2005

softwarereparatur.com schrieb im Newsbeitrag 
Auch uns ist das Problem mit dem Buffer Overflows
bekannt.Wir versuchen dieses Problem mit dem Browser
Netcape zu lösen.

Vielleicht nehmen sie zur Kenntnis, dass der Netscape oder Mozilla-Browser für bestimmte Sachen auf Teile des zugrunde liegenden Betriebssystems zurückgreift, sprich: DLLs. Und wenn der Bock äh Bug dort begraben liegt, dann ist ein Netscape oder Mozilla genauso verwundbar wie ein IE.

Ganz zu schweigen davon, dass sich der Bug auch durch Betrachten von Bilddaten im Explorer (nicht IE!) bemerkbar machen kann oder in Word oder in anderen Programmen, die WMF/EMF-Dateien über die Windows-Bibliothek rendern.

Vielleicht sollten Sie deshalb erst lesen, was Microsoft schreibt, bevor sie vorschnell irgendwelche Behauptungen aufstellen.

So long,
-+- Dirk -+- 

.

Relevant Pages

  • Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
    ... The bug was not reported sooner because we had to test it properly, ... In our submission to Netscape we specifically said that we plan to wait 5 ... It seems a bit irresponsible to report a bug in a product to the ... entered as a bug in the underlying Mozilla code on April 29, ...
    (NT-Bugtraq)
  • Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
    ... It seems a bit irresponsible to report a bug in a product to the ... entered as a bug in the underlying Mozilla code on April 29, ... > Users of Netscape Navigator should move to a better performing, ...
    (NT-Bugtraq)
  • [FLSA-2005:152883] Updated mozilla packages fix security issues
    ... Updated mozilla packages that fix various bugs are now available. ... It is possible for an XPI package to install some files ... A bug was found in the way Mozilla handles pop-up windows. ... attacker to execute arbitrary code on the victim's machine. ...
    (Bugtraq)
  • Netscape Problems.
    ... > We can understand why there was no response from Netscape since the ... > a security bug in Netscape Communicator to its founder. ... > changedReward Guidelines of the Bug Bounty program so that now only ... Completed writeup of heap corruption in Netscape and Mozilla, via PNG. ...
    (Bugtraq)
  • [Full-Disclosure] Netscape Problems.
    ... > We can understand why there was no response from Netscape since the ... > a security bug in Netscape Communicator to its founder. ... > changedReward Guidelines of the Bug Bounty program so that now only ... Completed writeup of heap corruption in Netscape and Mozilla, via PNG. ...
    (Full-Disclosure)