MozillaZine

Highly Critical Vulnerability Reported by Secunia

Discussion of bugs in Mozilla Firefox
TechMason
 
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Post Posted September 9th, 2005, 6:31 am

SA16764 - Firefox URL Domain Name Buffer Overflow (http://secunia.com/advisories/16764/) was just reported today by Secunia and is rated highly critical.

(For) Now Fx is rated as vulnerable as IE.

Description:
Tom Ferris has discovered a vulnerability in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a user's system.

The vulnerability is caused due to an error in the handling of an URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow.

Successful exploitation crashes Firefox and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or open a specially crafted HTML file.

The vulnerability has been confirmed in version 1.0.6, and is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1.
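As an added example (not from the advisory or from anyone in this thread), here is a defensive check a mail or web gateway could run: it flags links in an HTML document whose host name contains the 0xAD character, whether written raw, percent-encoded, or as a character reference. The function names and the sample HTML are constructed for illustration, and treating a lone 0xAD byte as Latin-1 is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes, urlsplit

SOFT_HYPHEN = "\u00ad"  # U+00AD: the 0xAD character named in the advisory


class LinkCollector(HTMLParser):
    """Collect href/src values; the parser decodes &#173; and &shy; for us."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]


def host_has_0xad(url):
    """True if the URL's host contains 0xAD, raw or percent-encoded."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return False
    raw = unquote_to_bytes(host)  # resolves %AD / %C2%AD, UTF-8 encodes the rest
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")  # assumption: a lone 0xAD byte is Latin-1
    return SOFT_HYPHEN in text


def flag_links(document):
    """Return the URLs in an HTML document whose host contains 0xAD."""
    collector = LinkCollector()
    collector.feed(document)
    collector.close()
    return [u for u in collector.urls if host_has_0xad(u)]


# Constructed sample input, not taken from the advisory.
SAMPLE_HTML = (
    '<a href="http://example.test/">clean</a>'
    '<a href="http://exam\u00adple.test/">raw character</a>'
    '<a href="http://exam%ADple.test/x">percent-encoded</a>'
    '<a href="http://exam&#173;ple.test/">character reference</a>'
    '<a href="http://example.test/a%ADb">0xAD in path only</a>'
    '<img src="http://b\u00fccher.test/i.png">'
)

if __name__ == "__main__":
    for url in flag_links(SAMPLE_HTML):
        print("0xAD in host:", ascii(url))
```

Only the host is inspected, so an ordinary internationalized name or a 0xAD byte elsewhere in the URL is not flagged.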

Unarmed
 
Posts: 4941
Joined: July 31st, 2003, 1:26 pm

Post Posted September 9th, 2005, 6:51 am

Temporary workaround: Disable IDN support (toggle network.enableIDN in about:config [http://www.mozillazine.org/misc/about:config/]).

sysKin
 
Posts: 893
Joined: March 17th, 2004, 9:09 pm
Location: Adelaide, Australia

Post Posted September 9th, 2005, 7:01 am

1.5beta1 looks safe (doesn't crash)

n0ym
 
Posts: 7
Joined: December 21st, 2004, 6:13 pm

Post Posted September 9th, 2005, 7:18 am

Did Secunia report this bug to Mozilla first? If not, how nice of them to publish the bug without giving the Firefox developers the chance to fix it (standard practice when they discover bugs in IE, for example).

TechMason
 
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Post Posted September 9th, 2005, 7:22 am

n0ym wrote: Did Secunia report this bug to Mozilla first? If not, how nice of them to publish the bug without giving the Firefox developers the chance to fix it (standard practice when they discover bugs in IE, for example).

If you follow the Originally Reported link, http://security-protocols.com/advisory/ ... visory.txt
you will see in there:

Mozilla was notified, and I'm guessing they are working on a patch. Who knows though?

n0ym
 
Posts: 7
Joined: December 21st, 2004, 6:13 pm

Post Posted September 9th, 2005, 7:24 am

So, in other words, they notified Mozilla, but then didn't wait for a patch to be issued. I've noticed that Secunia frequently withholds information about bugs in IE until Microsoft has a "patch day" and makes fixes available. So, I guess I'm wondering what happened here.

makaiguy
 
Posts: 16805
Joined: November 18th, 2002, 6:44 pm
Location: Somewhere in SE USA

Post Posted September 9th, 2005, 7:24 am

Unarmed wrote: Temporary workaround: Disable IDN support (toggle network.enableIDN in about:config [http://www.mozillazine.org/misc/about:config/]).


Okay, I've done this. But what is it I've disabled and what am I giving up by doing so?
Doug Wilson, "The Makai Guy"
Win10 (64bit): FF Quantum 70.0.1 (64bit), TB 68.3.0 (32-bit) ║ Android 8.0/7.1.1: FF Mobile 68.3.0, No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers

Unarmed
 
Posts: 4941
Joined: July 31st, 2003, 1:26 pm

Post Posted September 9th, 2005, 7:47 am


TechMason
 
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Post Posted September 9th, 2005, 8:04 am

n0ym wrote: So, in other words, they notified Mozilla, but then didn't wait for a patch to be issued. I've noticed that Secunia frequently withholds information about bugs in IE until Microsoft has a "patch day" and makes fixes available. So, I guess I'm wondering what happened here.


I don't think that there is any favoritism going on with Secunia. This particular vulnerability was posted on http://security-protocols.com on Sept 5th, so it was public knowledge. I think the situations that you speak of with Secunia not posting an advisory until after the patch are different because those vulns were not publicly known.

TechMason
 
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Post Posted September 9th, 2005, 8:12 am

Unarmed wrote: Temporary workaround: Disable IDN support (toggle network.enableIDN in about:config [http://www.mozillazine.org/misc/about:config/]).


Thanks Unarmed. I have notified Secunia of this workaround. Hopefully they will add it to the Solution section of the advisory.

old np
 
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post Posted September 9th, 2005, 8:31 am

Can't find anything in Bugzilla.

TechMason
 
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Post Posted September 9th, 2005, 8:34 am

np,
There probably is one that has the security flag set and is not accessible to mere peons like us ;)
I will open one anyways just to be sure.

TechMason
 
Posts: 58
Joined: April 11th, 2005, 4:45 pm

Post Posted September 9th, 2005, 8:53 am

...and there is a bug for it already.

billyvnilly
 
Posts: 18
Joined: July 18th, 2004, 7:29 pm

Post Posted September 9th, 2005, 8:57 am

The flaw was first reported to Mozilla developers by Tom Ferris earlier this week, but he opted to publicly disclose the problem following a disagreement.

http://www.betanews.com/article/Securit ... 1126279570

What's that all about?

old np
 
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post Posted September 9th, 2005, 10:03 am

TechMason wrote: ...and there is a bug for it already.

Link?
