IDN buffer overflow security issue
by Don_HH2K
"Host:" Parameter Buffer Overflow Vulnerability
SillyDog701 member J-M recently posted to the Message Centre about a new vulnerability in Firefox and other Mozilla-based products.
A vulnerability has been identified in Mozilla Firefox that could be exploited by remote attackers to execute arbitrary commands. The flaw is due to a buffer overflow error in the "NormalizeIDN" function when handling specially crafted URLs embedded in "HREF" tags, and could be exploited via specially crafted Web pages to take complete control of an affected system.
It has been reported that this vulnerability affects Firefox 1.0.6 and prior versions, as well as Netscape 8.0.3.3, Mozilla Suite 1.7.11, and Firefox 1.5 Beta 1.
A patch has been released by The Mozilla Foundation to temporarily resolve this issue.
Continue reading about the "Host:" Parameter Remote Buffer Overflow Vulnerability at the SillyDog701 Message Centre.
Posted by Don_HH2K on September 9, 2005 7:50 PM
