E-Mail:

Firefox, Mozilla, Netscape Critical Vulnerability

Wednesday, September 14th, 2005
by Marc Erickson

“The vulnerability is caused due to an error in the handling of an URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow.

Successful exploitation crashes Firefox [and these other browsers] and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or open a specially crafted HTML file.”

Bottom line is don’t browse untrusted websites until they release a fix.

Firefox IDN URL Domain Name Buffer Overflow

Secunia Advisory: SA16764

Mozilla URL Domain Name Buffer Overflow

Secunia Advisory: SA16767

Netscape 8.x, 7.x URL Domain Name Buffer Overflow

Secunia Advisory: SA16766

Tags
Categories

What Do You Think?

 

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense your hard-earned information back to the community, get involved in our community site today! You can write about anything - no matter the topic. Exceptional candidates will be offered the chance to contribute to (and generate revenue from) the main Lockergnome site. Join us today!

Health - Dec 2, 2008

Down’s Symptoms May Be Treatable In The Womb

Science - Nov 26, 2008

Gray’s Paradox Solved: Researchers Discover Secret of Speedy Dolphins

Health, Society - Nov 20, 2008

1 In 4 Gulf War Veterans Suffers From Illness Caused By Toxic Exposure

Health - Nov 18, 2008

New Bacteria Discovered In Raw Milk

65 queries / 0.219 seconds.