CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

$9736.22 of $21422.68
left sidedonated so farneed $11686.46 donated to reach our goalright side, our goal
Help CastleCops serve the community on new servers, Donate Here to reach our goal.

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
Survey
spacer
Was 2007 a good year?

Yes it was a wonderful year
Yes, but there is always room for improvement
Status quo
It was a challenge
Other (leave comment)



Results
Polls

Votes: 941
Comments: 25
block bottom
spacer spacer
image Firefox URL Domain Name Buffer Overflow image
Security Hole
MowGreen writes "http://secunia.com/advisories/16764/
Secunia Advisory:SA16764
Release Date: 2005-09-09
Critical:
Highly critical Impact: DoS System access
Where: From remote
Solution Status: Unpatched
Software: Mozilla Firefox 1.x
Description:
Tom Ferris has discovered a vulnerability in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a users system.
The vulnerability is caused due to an error in the handling of an URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow.
Successful exploitation crashes Firefox and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or open a specially crafted HTML file.
The vulnerability has been confirmed in version 1.0.6, and is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1.
Solution: Dont browse untrusted web sites.
Provided and/or discovered by: Tom Ferris
Original Advisory: http://security-protocols.com/advisory/sp-x17-advisory.txt "
Posted on Friday, 09 September 2005 @ 14:22:17 UTC by Paul (1787 reads)
[ Trackback ]		image

"Firefox URL Domain Name Buffer Overflow" | Login/Create an Account | 1 comment | Search
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Firefox URL Domain Name Buffer Overflow- TEMP FIX (Score: 1)
by MowGreen  on Sunday, 11 September 2005 @ 16:35:37 UTC
(User Info | Send a Message) http://www.geocities.com/Augusta/1185/
https://addons.mozilla.org/messages/307259.html

On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user. Instructions on administering these changes can be found below.

How to update
There are two methods for resolving this problem. The first method is to install a small download and the second method is to manually change the browser configuration. You only need to do one of the two.

Installing the Patch
* To install the security patch for Firefox or the Mozilla Suite, follow these instructions:
1. Firefox and Mozilla Suite users click this link: http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi
2. In the Software Installation window, click the Install Now button.
3. Exit and restart your Mozilla or Firefox browser.

* To verify the fix in Firefox and the Mozilla Suite, be sure to restart the browser and then follow these steps: 1. In Firefox Click Help -> About Mozilla Firefox and verify that the user agent string contains (noIDN)
2. In the Mozilla Suite Click Help -> About Mozilla and verify that the user agent string contains (noIDN)

Manually Configuring the Browser
* To manually change the browser configuration for Firefox or the Mozilla Suite, follow these instructions:
1. Type about:config into the address field and hit Enter.
2. In the Filter toolbar, type network.enableIDN.
3. Right click on the the network.enableIDN item and select toggle to change value to false.

* To verify the fix in your Firefox or Mozilla application, be sure to restart the browser and then follow these steps.
1. Type about:config into the address field and hit Enter.
2. In the Filter toolbar, type network.enableIDN.
3. Ensure that the the value for this item is set to false.

We value our users' safety and security and will continue to make all efforts to release secure products and respond quickly when security vulnerabilities are identified in our software.


 
Login
spacer
Nickname

Password

Security Code: Type Security Code: Usage signifies AUP acceptance
· New User? · Click here to create a registered account.
block bottom
Related Links
spacer
· del.icio.us!
· digg it!
· reddit!
· TrackBack (0)
· HotScripts
· W3 Consortium
· HTML Standard
· Mozilla
· More about Security Hole
· News by Paul

Most read story about Security Hole:
Windows Media Player, Spyware and Trojan
block bottom
Article Rating
spacer
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent
block bottom
Options
spacer

Printer Friendly Page  Printer Friendly Page
block bottom
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
165ppm 0.205s (0.016s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer