Netscape Communicator JPEG May Run Arbitrary Code
Reported July 24, 2000 by Solar Designer
Affected: Netscape Communicator 3.0 through 4.73 as well as Mozilla M15 -- versions 4.74 and M16 do not exhibit the bug

The JPEG interchange format provides for a two-byte comment length field within the body
of the data; however, the affected versions of the product do not check that field for a
proper value. Because of that programming oversight, it may be possible to overwrite the
heap and cause arbitrary code to execute on the system. The problem affects the mail, news,
and Web components of Communicator.
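
The kind of length check the advisory says was missing, written in C as an added example (it is not Netscape's or Mozilla's code). It relies on the JPEG rule that a segment's two-byte length counts its own two bytes, so any value below 2 is invalid; the function name, status codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { COM_OK = 0, COM_NOT_JPEG = -1, COM_TRUNCATED = -2, COM_BAD_LENGTH = -3 };

/* Walk the header segments of a JPEG and validate each two-byte length
 * before it is used. On COM_OK, *com_len is the payload size of the last
 * comment (COM, 0xFFFE) segment seen, or 0 if there was none. */
static int check_jpeg_comments(const uint8_t *buf, size_t n, size_t *com_len)
{
    size_t pos = 2;
    *com_len = 0;
    if (n < 4 || buf[0] != 0xFF || buf[1] != 0xD8)      /* SOI marker */
        return COM_NOT_JPEG;
    while (pos + 2 <= n) {
        if (buf[pos] != 0xFF)
            return COM_NOT_JPEG;
        uint8_t marker = buf[pos + 1];
        pos += 2;
        if (marker == 0xD9 || marker == 0xDA)           /* EOI or SOS: headers done */
            return COM_OK;
        if (pos + 2 > n)
            return COM_TRUNCATED;
        size_t seg_len = ((size_t)buf[pos] << 8) | buf[pos + 1];
        if (seg_len < 2)                /* length counts itself; seg_len - 2 would wrap */
            return COM_BAD_LENGTH;
        if (seg_len > n - pos)          /* segment claims more bytes than the file has */
            return COM_TRUNCATED;
        if (marker == 0xFE)
            *com_len = seg_len - 2;     /* safe: seg_len >= 2 checked above */
        pos += seg_len;
    }
    return COM_TRUNCATED;
}

/* Constructed sample inputs (not taken from the advisory). */
static const uint8_t sample_ok[]   = {0xFF,0xD8, 0xFF,0xFE, 0x00,0x05, 'a','b','c', 0xFF,0xD9};
static const uint8_t sample_zero[] = {0xFF,0xD8, 0xFF,0xFE, 0x00,0x00, 0xFF,0xD9};
static const uint8_t sample_one[]  = {0xFF,0xD8, 0xFF,0xFE, 0x00,0x01, 0xFF,0xD9};
static const uint8_t sample_long[] = {0xFF,0xD8, 0xFF,0xFE, 0x00,0x10, 'a', 0xFF,0xD9};

int main(void)
{
    size_t len;
    printf("ok=%d\n", check_jpeg_comments(sample_ok, sizeof sample_ok, &len));
    printf("zero=%d\n", check_jpeg_comments(sample_zero, sizeof sample_zero, &len));
    printf("one=%d\n", check_jpeg_comments(sample_one, sizeof sample_one, &len));
    printf("long=%d\n", check_jpeg_comments(sample_long, sizeof sample_long, &len));
    return 0;
}
```

The same function can be run over image attachments or cached files to flag JPEGs whose comment length field is out of range before they reach a decoder.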