I have found a buffer overflow in Netscape Communicator probably affecting all
versions. The problem occurs when Communicator attempts to validate any key
where the key length is > 2k. I have tested this on 4.61 and 4.7, unix (Irix)
and Windows. Netscape has been notified of the problem and expect a fix for 4.8.

As the problem manifests during the check of the key, any portion of the key
chain which has a key > 2k triggers the problem. Thus, the potential for
widespread DoS attacks via email. I suspect, but have not pursued, the
possibility of exploiting the overflow to execute arbitrary code.
--
Michael Breuer
[EMAIL PROTECTED]