Buffer overflow vulnerability in Firefox 1.6

A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions which allows for an attacker to remotely execute arbitrary code on an affected host.

Technical Details:
The problem seems to be when a hostname which has all dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but is sets encHost to an empty string. Meaning, Firefox appends 0 to approxLen and then appends the long string of dashes to the buffer instead. The following HTML code below will reproduce this issue:

<A href=https:—————————–>

Related Links:
http://www.security-protocols.com/firefox-death.html
http://www.security-protocols.com/advisory/sp-x17-advisory.txt
http://www.security-protocols.com/modules.php?name=News&file=article&sid=2910

If you want to test whether the firefox that you are using is vulnerable to malicious attack then go to the following link:

http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s