Posting this here because so many of you use Communicator. Fred ______________________ Netscape Communicator May Run Arbitrary Code ------------------------------------------------------------ Solar Designer VERSIONS EFFECTED Netscape Communicator 3.0 through 4.73 as well as Mozilla M15 -- versions 4.74 and M16 do not exhibit the bug DESCRIPTION The JPEG interchange format provides for a two-byte comment length field within the body of the data, however that field is not checked for a proper value in the affected versions of the product. Because of that programming oversight it may be possible to overwrite the heap to cause arbitrary code to execute on the system. The problem affects the mail, news, and Web components of Communicator. VENDOR RESPONSE Upgrade to a more current version. -- ----/ / _ Fred A. Miller ---/ / (_)__ __ ____ __ Systems Administrator --/ /__/ / _ \/ // /\ \/ / Cornell Univ. Press Services -/____/_/_//_/\_,_/ /_/\_\ fm@cupserv.org -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq