Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow
Release Date:
September 13, 2005
Severity:
Critical
Vendor:
Mozilla
Versions Affected:
Firefox 1.5 Beta 1 (Deer Park Alpha 2) build 1.8b4 with IDN disabled.
Overview:
A buffer overflow vulnerability exists in Firefox 1.5 Beta 1 with IDN
disabled that allows an attacker to remotely execute arbitrary code on an
affected host. Firefox 1.0.6 and all prior versions are not affected by this
particular variant of the 'Host:' issue.
Technical Details:
The workaround provided by Mozilla does not mitigate this issue.
The following HTML code will reproduce this issue:
IFRAME SRC=https:----------------------------------------------- >
Note that this variant differs from the other flaw in using IFRAME and SRC=,
whereas the other flaw used only HREF=.
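A content-filter check for the pattern above, as an added example that is not
part of the original advisory: it flags HREF= or SRC= values on any tag that
consist only of an optional scheme and a run of hyphens, so both variants are
covered. The 16-character threshold, the sample HTML and all names are
assumptions.

```python
import re
from html.parser import HTMLParser

# Assumption: a URL attribute is flagged when, after an optional scheme, it is
# nothing but hyphens, as in the advisory's IFRAME SRC=https:---... sample.
MIN_RUN = 16                  # constructed threshold, not from the advisory
URL_ATTRS = {"href", "src"}   # the two attributes the advisory names
HYPHEN_URL = re.compile(r"^\s*(?:[a-z][a-z0-9+.]*:)?/{0,2}(-+)\s*$", re.I)


class HyphenHostScanner(HTMLParser):
    """Collects (line, tag, attribute, hyphen_count) for suspicious URLs."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lower-cased; unquoted values are kept.
        for name, value in attrs:
            if name not in URL_ATTRS or value is None:
                continue
            match = HYPHEN_URL.match(value)
            if match and len(match.group(1)) >= MIN_RUN:
                line, _ = self.getpos()
                self.findings.append((line, tag, name, len(match.group(1))))


def scan(html_text):
    """Return findings for every tag, not only anchors, in document order."""
    scanner = HyphenHostScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings


# Constructed sample input: one ordinary link, then both variants.
RUN = "-" * 40
SAMPLE = (
    "<html><body>\n"
    '<a href="https://example.org/a-b-c">ordinary link</a>\n'
    f"<A HREF=https:{RUN} >href variant</A>\n"
    f"<IFRAME SRC=https:{RUN} ></IFRAME>\n"
    '<img src="logo-small.png">\n'
    "</body></html>"
)

if __name__ == "__main__":
    for line, tag, attr, count in scan(SAMPLE):
        print(f"line {line}: <{tag} {attr}=...> has a {count}-hyphen URL")
```

A filter that inspects only anchor HREF= values would miss the IFRAME form, which is why the check keys on the attribute rather than the tag.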
Vendor Status:
Mozilla is currently working on a patch.
Discovered by:
Tom Ferris
Related Links:
http://security-protocols.com/deerpark-death.html
https://addons.mozilla.org/messages/307259.html