Highly Critical Vulnerability Reported by Secunia

TechMason
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Highly Critical Vulnerability Reported by Secunia

Post by TechMason »

<a href="http://secunia.com/advisories/16764/">SA16764 - Firefox URL Domain Name Buffer Overflow</a> was just reported today by Secunia and is rated highly critical.

(For) Now Fx is rated as vulnerable as IE.

Description:
Tom Ferris has discovered a vulnerability in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a user's system.

The vulnerability is caused due to an error in the handling of a URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow.

Successful exploitation crashes Firefox and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or opening a specially crafted HTML file.

The vulnerability has been confirmed in version 1.0.6, and is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1.
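
As an added example (not part of the thread or of the advisory), a log-triage check for the condition the advisory describes: a URL whose domain name contains the 0xAD character, which as a Latin-1 byte or as U+00AD is the soft hyphen. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# scheme://authority, stopping at the first '/', '?' or '#'
AUTHORITY = re.compile(rb"^[A-Za-z][A-Za-z0-9+.\-]*://([^/?#]*)")
URL_IN_LINE = re.compile(rb"https?://[^\s\"]+")

def extract_host(url: bytes) -> bytes:
    """Return the percent-decoded host of a URL, or b'' if none is found."""
    m = AUTHORITY.match(url)
    if not m:
        return b""
    host = m.group(1).rsplit(b"@", 1)[-1]   # drop any userinfo
    if not host.startswith(b"["):           # leave IPv6 literals intact
        host = host.split(b":", 1)[0]       # drop the port
    return unquote_to_bytes(host)

def host_has_soft_hyphen(url: bytes) -> bool:
    """True if the host part contains the soft hyphen (0xAD / U+00AD)."""
    host = extract_host(url)
    try:
        # In UTF-8 the byte 0xAD is also a continuation byte (e.g. 'í' is C3 AD),
        # so decode first and compare code points instead of raw bytes.
        text = host.decode("utf-8")
    except UnicodeDecodeError:
        text = host.decode("latin-1")       # a bare 0xAD byte lands here
    return "\u00ad" in text

def scan(lines):
    """Return every URL in the given log lines whose host has a soft hyphen."""
    hits = []
    for line in lines:
        for url in URL_IN_LINE.findall(line):
            if host_has_soft_hyphen(url):
                hits.append(url)
    return hits

# Constructed sample proxy-log lines (hosts use the reserved .test TLD).
SAMPLE_LOG = [
    b'10.0.0.5 GET http://www.example.test/index.html 200',
    b'10.0.0.7 GET http://exam\xadple.test/ 200',          # raw Latin-1 0xAD
    b'10.0.0.7 GET http://exam\xc2\xadple.test/a 200',     # UTF-8 U+00AD
    b'10.0.0.9 GET http://exam%ADple.test/ 200',           # percent-encoded
    b'10.0.0.9 GET http://m\xc3\xadnimo.test/ 200',        # 'í', not a hit
    b'10.0.0.9 GET http://www.example.test/a%ADb 200',     # path only
]

if __name__ == "__main__":
    for url in scan(SAMPLE_LOG):
        print(url)
```

Nameprep (RFC 3491) maps U+00AD to nothing, so a correctly normalised IDN host never carries it and a hit in the host part is worth a closer look.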
Unarmed
Posts: 4941
Joined: July 31st, 2003, 1:26 pm

Post by Unarmed »

Temporary workaround: Disable IDN support (toggle <strong>network.enableIDN</strong> in <a href="http://www.mozillazine.org/misc/about:config/">about:config</a>).
sysKin
Posts: 902
Joined: March 17th, 2004, 9:09 pm
Location: Adelaide, Australia

Post by sysKin »

1.5beta1 looks safe (doesn't crash)
n0ym
Posts: 7
Joined: December 21st, 2004, 6:13 pm

Bug reporting

Post by n0ym »

Did Secunia report this bug to Mozilla first? If not, how nice of them to publish the bug without giving the Firefox developers the chance to fix it (standard practice when they discover bugs in IE, for example).
TechMason
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Re: Bug reporting

Post by TechMason »

n0ym wrote: Did Secunia report this bug to Mozilla first? If not, how nice of them to publish the bug without giving the Firefox developers the chance to fix it (standard practice when they discover bugs in IE, for example).

If you follow the Originally Reported link, http://security-protocols.com/advisory/ ... visory.txt
you will see in there:

Mozilla was notified, and I'm guessing they are working on a patch. Who knows though?
n0ym
Posts: 7
Joined: December 21st, 2004, 6:13 pm

Post by n0ym »

So, in other words, they notified Mozilla, but then didn't wait for a patch to be issued. I've noticed that Secunia frequently withholds information about bugs in IE until Microsoft has a "patch day" and makes fixes available. So, I guess I'm wondering what happened here.
makaiguy
Posts: 16878
Joined: November 18th, 2002, 6:44 pm
Location: Somewhere in SE USA

Post by makaiguy »

Unarmed wrote: Temporary workaround: Disable IDN support (toggle <strong>network.enableIDN</strong> in <a href="http://www.mozillazine.org/misc/about:config/">about:config</a>).


Okay, I've done this. But what is it I've disabled and what am I giving up by doing so?
Doug Wilson
Win10 64bit: FF 115.0.02 64bit, TB 102.12.0 32-bit ║ Android 13/10: FF 115.2.0/115.0.1 ║ No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers
Unarmed
Posts: 4941
Joined: July 31st, 2003, 1:26 pm

Post by Unarmed »

TechMason
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Post by TechMason »

n0ym wrote: So, in other words, they notified Mozilla, but then didn't wait for a patch to be issued. I've noticed that Secunia frequently withholds information about bugs in IE until Microsoft has a "patch day" and makes fixes available. So, I guess I'm wondering what happened here.


I don't think that there is any favoritism going on with Secunia. This particular vulnerability was posted on http://security-protocols.com on Sept 5th, so it was public knowledge. I think the situations that you speak of with Secunia not posting an advisory until after the patch are different because those vulns were not publicly known.
TechMason
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Post by TechMason »

Unarmed wrote: Temporary workaround: Disable IDN support (toggle <strong>network.enableIDN</strong> in <a href="http://www.mozillazine.org/misc/about:config/">about:config</a>).


Thanks Unarmed. I have notified Secunia of this workaround. Hopefully they will add it to the Solution section of the advisory.
old np
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post by old np »

Can't find anything in Bugzilla.
TechMason
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Post by TechMason »

np,
There probably is one that has the security flag set and is not accessible to mere peons like us ;)
I will open one anyways just to be sure.
TechMason
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Post by TechMason »

...and there is a bug for it already.
billyvnilly
Posts: 18
Joined: July 18th, 2004, 7:29 pm

Post by billyvnilly »

The flaw was first reported to Mozilla developers by Tom Ferris earlier this week, but he opted to publicly disclose the problem following a disagreement.

http://www.betanews.com/article/Securit ... 1126279570

What's that all about?
old np
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post by old np »

TechMason wrote: ...and there is a bug for it already.

Link?