PC Takeover Flaw in Mozilla, Netscape
A 'highly critical' vulnerability puts users at risk of remote code execution.
According to an advisory from iDefense, the vulnerability is caused by an integer overflow within the SOAPParameter object's constructor.
SOAPParameter objects handle support for SOAP, the XML-based messaging protocol that defines rules for structuring messages. ''Successful exploitation allows the remote attacker to execute arbitrary code in the context of the user running the browser,'' iDefense warned.
''Netscape has not released any information indicating they are intending to release future versions of the Netscape browser, and no longer have any developers working on this project,'' iDefense said.
This article was first published on internetnews.com.