https://www.exploit-db.com/exploits/21544
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-653

Netscape是一款由NetscapeCommunication开发的WEB浏览器，可使用在多种操作系统下，此漏洞只影响Linux平台下的版本。Netscape中的编辑器(composer)在处理超长字体外观(fontface)字段时存在漏洞，远程攻击者可能利用此漏洞进行缓冲区溢出攻击。Netscape中的编辑器对字体外观字段边界缺少正确检查，攻击者可以构建包含超过191字节的字体外观字段的WEB页面，当Netscape中的编辑器编辑这个HTML页时产生缓冲区溢出，精心构建字体外观字段数据可能导致攻击者以Netscape进程的权限在用户系统上执行任意指令。

source: http://www.securityfocus.com/bid/5010/info

Netscape is a freely available web browser distributed by Netscape Communications, and available for various platforms. This vulnerability is known to affect those installations on the Linux platform.

A buffer overflow has been reported in the Composer function of Netscape. When an HTML page with a Font Face field of arbitrary length is edited using Netscape Composer, a memory corruption bug may occur that could allow the overwriting of process memory, and execution of attacker supplied code. 

<html>
<body>

<font face="X">Hola!</font>

</body>
</html>

where X is indicative of 191 or more characters.

来源:XF
名称:netscape-composer-font-bo(9355)
链接:http://xforce.iss.net/xforce/xfdb/9355
来源:BID
名称:5010
链接:http://www.securityfocus.com/bid/5010
来源：NSFOCUS
名称：2982
链接：http://www.nsfocus.net/vulndb/2982