Netscape and Mozilla crash when handling an exceptionally long request (32KB+) for a channel using the IRC protocol.

This issue is most likely due to a buffer overflow condition, but it is not known whether this condition may be exploited to execute arbitrary attacker-supplied instructions.


Mozilla is a freely available, open-source web browser. It runs on most Linux and Unix variants, as well as MacOS and Microsoft Windows 9x/ME/NT/2000/XP operating systems. Netscape is another web-browser product which runs on the same platforms as Mozilla.

Remote: Yes

Exploit: A demonstration of how this may cause a denial of service to occur can be found at the following website:

http://jscript.dk/2002/4/moz1rc1test...eroverrun.html


Source: http://www.xatrix.org/article1454.html