Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
From: "milw0rm Inc." <milw0rm () gmail com>
Date: Fri, 16 Sep 2005 11:39:37 -0500
This problem also affects Thunderbird (tested) and I'm guessing
Netscape's Mail client (untested) which it really can't do much except
include the linked source in an email for your testing.
On 9/13/05, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
Research and development has led to a ~90% reliable working exploit for the
IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is
higher success ratio. It has also revealed that not only FireFox is
vulnerable to this vulnerability, but the exact same exploit works on the
latest releases of all these products based on the Mozilla engine:
- Mozilla FireFox 1.0.6 and 1.5beta,
- Mozilla Browser 1.7.11,
- Netscape 22.214.171.124 <http://126.96.36.199>.
Recommendations for this vulnerability:
- FireFox and Mozilla: Install the workaround for (
- Netscape: hope they'll respond to this email and release a workaround.
- Wait for a patch and install it asap.
Recommendations to make it harder to exploit any FireFox vulnerability:
- Turn on DEP (Data Execution Prevention),
- Switch to another browser,
- Do not browse untrusted sites,
- Do not browse the web at all,
- Unplug your machine from the web,
- Wear a tinfoil hat.
BTW: From where is that security [at] netscape.org address?
An official security URL to Netscape is "Netscape Browser Bug Submission
(www.netscape.org redirects to home.netscape.com/ , of course they have
netscape.org, netscape.net etc.)
For version 7.2 (and 7.x?) it is the following:
Two separate addresses due to different developer teams, according to
my knowledge. Is there any new information?
I have informed the vendor Netscape being affected on 9th September 2005.
Disabling IDN support via about:config (or prefs.js file) is possible in
Netscape Browser 8 too. Xpi file for Firefox and Mozilla Suite works in
Netscape 188.8.131.52 too. Test was successful and even UA was changed to
include ....Gecko/20050729 (No IDN) Netscape/184.108.40.206.
However, the manual method is recommended.
I.e. there is a workaround for Netscape. Vendor developer team contacted
during a weekend, no reply yet.
When an updated version of Netscape Browser 8 is available the download
link is http://browser.netscape.com/ns8/download/default.jsp
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
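The thread mentions disabling IDN support via about:config or the prefs.js file. The following is an added example, not part of the original messages, that audits a profile's preference files for that workaround. The preference name `network.enableIDN`, the assumption that IDN is on when the preference is absent, and the sample file contents are assumptions constructed for illustration.

```python
import re

# Assumption: "network.enableIDN" is the Mozilla preference behind the
# "disable IDN" workaround; the post itself does not name it.
IDN_PREF = "network.enableIDN"

# Matches active lines such as: user_pref("network.enableIDN", false);
# Commented-out lines (// ..., # ...) do not match because of the anchor.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: raw_value} for every active user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)  # a later line overrides an earlier one
    return prefs

def idn_status(prefs_js, user_js=""):
    """Classify a profile as 'disabled', 'enabled' or 'default' (pref not set)."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))  # user.js is applied on top of prefs.js
    value = merged.get(IDN_PREF)
    if value is None:
        return "default"  # assumption: absent pref means IDN stays on
    return "disabled" if value == "false" else "enabled"

# Constructed sample files, not taken from a real profile.
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.enableIDN", true);
'''
SAMPLE_USER = '''// user_pref("network.enableIDN", true);
user_pref("network.enableIDN", false);
'''

if __name__ == "__main__":
    print("prefs.js only:      ", idn_status(SAMPLE_PREFS))
    print("prefs.js + user.js: ", idn_status(SAMPLE_PREFS, SAMPLE_USER))
```

A result of `default` or `enabled` means the workaround is not in effect for that profile.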