Netscape URL Domain Name Buffer Overflow

Published: 2005-09-11
Last Updated: 2005-09-11 00:37:23 UTC
by Koon Yaw Tan (Version: 2)
0 comment(s)
Netscape also suffers similar URL Domain Name Buffer Overflow as Firefox. The vulnerability has been confirmed in versions and 7.2. Other versions may also be affected. Currently there is no solution available besides not to browse untrusted websites. You can read the details at Secunia.

[Update 1]
Below is contributed by Juha-Matti on a workaround on this issue:

Manual about:config method for disabling IDN support works fully in Netscape Browser 8 (the newest version was tested) too due to the same Firefox codebase.

Netscape 8 has the same about:config preference "network.enableIDN" in use and the same Filter dialog box when searching the exact preference name. A xpi patch file is not purposed to Netscape, because it will modify the UA string directly (adding "no IDN").

Instructions (same as FF/Mozilla):
1. Type about:config into the address field and hit Enter.
2. In the Filter toolbar, type network.enableIDN.
3. Right click on the the network.enableIDN item and select Toggle to change value to false.

0 comment(s)


Diary Archives