K 10
svn:author
V 6
trevor
K 8
svn:date
V 27
2002-02-10T23:05:22.000000Z
K 7
svn:log
V 665
Send the BSD/OS Netscape ports to Davy Jones' locker.
They have at least two dangerous bugs:

- a buffer overflow in the password field of HTML forms can lead
  to execution of hostile code, as reported by Michal Zalewski at
  (URL:http://www.securityfocus.com/archive/1/136137).  This was the
  subject of advisory FreeBSD-SA-00:66.

- if JavaScript is enabled, JavaScript code embedded in the comment
  blocks of images can be executed.  This can result in sensitive
  information being sent to a Web server. The bug was reported by
  Florian Wesch at (URL:http://www.securityfocus.com/archive/1/175060)
  and (URL:http://www.dividuum.de/).

Requested by:	nectar

END