abc@home
Thousand-Year Fox
  • UID 6047
  • Registered: 2005-05-16
  • Last login: 2011-01-01
  • Posts: 1681
  • Experience: 10
  • Prestige: 0
  • Contribution: 0
  • Rating: 1
Views: 5523 Replies: 20

Firefox URL Domain Name Buffer Overflow

Original poster #
Posted: 2005-09-10 00:16
http://secunia.com/advisories/16764/


Release Date: 2005-09-09

Critical: Highly critical

Solution Status: Unpatched

Description:
Tom Ferris has discovered a vulnerability in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a user's system.

The vulnerability is caused due to an error in the handling of an URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow.

Successful exploitation crashes Firefox and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or open a specially crafted HTML file.

The vulnerability has been confirmed in version 1.0.6, and is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1.

Solution:
Don't browse untrusted web sites.


Vulnerabilities in 2005
Firefox 1.x: 18 http://secunia.com/product/4227/?period=2005#statistics
IE 6.0: 11 http://secunia.com/product/11/?period=2005#statistics

Yup FF beats IE in this category.



WINXP SP2 MAXTHON (UNICODE) PROXOMITRON
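
A defender-side check for the condition the advisory describes, added here as an example and not part of the original post or the Secunia advisory: it flags `href`/`src` URLs in an HTML page whose host contains the 0xAD character (treated here as U+00AD, the soft hyphen), whether raw, percent-encoded or written as an HTML entity. The function names and the `example.test` sample hosts are assumptions made for the illustration.

```python
import html
import re
from urllib.parse import unquote_to_bytes, urlsplit

SOFT_HYPHEN = "\u00ad"  # the 0xAD character named in the advisory

# href/src attribute values in HTML (double- or single-quoted)
ATTR_URL = re.compile(r"""(?:href|src)\s*=\s*(["'])(.*?)\1""", re.I | re.S)


def decode_host(raw_host: str) -> str:
    """Undo percent-encoding in a host; try UTF-8, fall back to Latin-1."""
    data = unquote_to_bytes(raw_host)
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return data.decode("latin-1")  # a lone %AD byte maps to U+00AD


def host_has_soft_hyphen(url: str) -> bool:
    """True if the URL's host contains U+00AD in any encoding handled here."""
    try:
        host = urlsplit(html.unescape(url).strip()).hostname
    except ValueError:  # malformed authority; treat as not matched
        return False
    return host is not None and SOFT_HYPHEN in decode_host(host)


def flag_urls(document: str) -> list[str]:
    """Return href/src values in an HTML document whose host carries U+00AD."""
    return [m.group(2) for m in ATTR_URL.finditer(document)
            if host_has_soft_hyphen(m.group(2))]


# Constructed sample page; the example.test hosts are placeholders.
SAMPLE = (
    '<a href="http://www.example.test/index.html">clean</a>\n'
    '<a href="http://exam\u00adple.test/">raw U+00AD</a>\n'
    '<a href="http://exam%ADple.test/">percent-encoded byte</a>\n'
    '<img src="http://exam&shy;ple.test/a.png">\n'
    '<a href="http://example.test/soft%ADhyphen-in-path">path only</a>\n'
)

if __name__ == "__main__":
    for url in flag_urls(SAMPLE):
        print("soft hyphen in host:", ascii(url))
```

Only the host part is inspected, so the last sample link, which carries the byte in its path, is not flagged.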
abc@home
Reply #1
Posted: 2005-09-10 00:16
Proof of concept demo which crashes FF. If your FF doesn't crash, try it again.

http://www.security-protocols.com/firefox-death.html



WINXP SP2 MAXTHON (UNICODE) PROXOMITRON
abc@home
Reply #2
Posted: 2005-09-10 00:16
The vulnerability is not yet fixed, but you can turn off IDN support in about:config as a workaround (like turning off ActiveX in IE until a patch comes out).

Or you can install an XPI to turn off the IDN support (how dumb).

http://forums.mozillazine.org/viewtopic ... 15&start=0



WINXP SP2 MAXTHON (UNICODE) PROXOMITRON