Highly Critical Vulnerability Reported by Secunia
-
- Posts: 58
- Joined: April 11th, 2005, 4:45 pm
Highly Critical Vulnerability Reported by Secunia
<a href="http://secunia.com/advisories/16764/">SA16764 - Firefox URL Domain Name Buffer Overflow</a> was just reported today by Secunia and is rated highly critical.
(For) Now Fx is rated as vulrnerable as IE.
Description:
Tom Ferris has discovered a vulnerability in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a user's system.
The vulnerability is caused due to an error in the handling of an URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow.
Successful exploitation crashes Firefox and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or open a specially crafted HTML file.
The vulnerability has been confirmed in version 1.0.6, and is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1.
(For) Now Fx is rated as vulrnerable as IE.
Description:
Tom Ferris has discovered a vulnerability in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a user's system.
The vulnerability is caused due to an error in the handling of an URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow.
Successful exploitation crashes Firefox and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or open a specially crafted HTML file.
The vulnerability has been confirmed in version 1.0.6, and is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1.
-
- Posts: 7
- Joined: December 21st, 2004, 6:13 pm
Bug reporting
Did Secunia report this bug to Mozilla first? If not, how nice of them to publish the bug without giving the Firefox developers the chance to fix it (standard practice when they discover bugs in IE, for example).
-
- Posts: 58
- Joined: April 11th, 2005, 4:45 pm
Re: Bug reporting
n0ym wrote:Did Secunia report this bug to Mozilla first? If not, how nice of them to publish the bug without giving the Firefox developers the chance to fix it (standard practice when they discover bugs in IE, for example).
If you follow the Originally Reported link, http://security-protocols.com/advisory/ ... visory.txt
you will see in there:
Mozilla was notified, and im guessing they are working on a patch. Who knows though?
-
- Posts: 7
- Joined: December 21st, 2004, 6:13 pm
- makaiguy
- Posts: 16878
- Joined: November 18th, 2002, 6:44 pm
- Location: Somewhere in SE USA
- Contact:
Unarmed wrote:Temporary workaround: Disable IDN support (toggle <strong>network.enableIDN</strong> in <a href="http://www.mozillazine.org/misc/about:config/">about:config</a>).
Okay, I've done this. But what is it I've disabled and what am I giving up by doing so?
Doug Wilson
Win10 64bit: FF 124.0.2 64bit, TB 102.12.0 32-bit ║ Android 13/10: FF 124.2.0/115.9.0 ║ No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers
Win10 64bit: FF 124.0.2 64bit, TB 102.12.0 32-bit ║ Android 13/10: FF 124.2.0/115.9.0 ║ No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers
-
- Posts: 4941
- Joined: July 31st, 2003, 1:26 pm
-
- Posts: 58
- Joined: April 11th, 2005, 4:45 pm
n0ym wrote:So, in other words, they notified Mozilla, but then didn't wait for a patch to be issued. I've noticed that Secunia frequently witholds information about bugs in IE until Microsoft has a "patch day" and makes fixes available. So, I guess I'm wondering what happened here.
I don't think that there is any favoritism going on with Secunia. This particular vulnerability was posted on http://security-protocols.com on Sept 5th so, it was public knowledge. I think the situations that you speak of with Secunia not posting an advisory until after the patch are different because those vulns were not publicly known.
-
- Posts: 58
- Joined: April 11th, 2005, 4:45 pm
Unarmed wrote:Temporary workaround: Disable IDN support (toggle <strong>network.enableIDN</strong> in <a href="http://www.mozillazine.org/misc/about:config/">about:config</a>).
Thanks Unarmed. I have notified Secunia of this workaround. Hopefully they will add it to the Solution section of the advisory.
-
- Posts: 18
- Joined: July 18th, 2004, 7:29 pm
The flaw was first reported to Mozilla developers by Tom Ferris earlier this week, but he opted to publicly disclose the problem following a disagreement.
http://www.betanews.com/article/Securit ... 1126279570
whats that all about?