[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] FireFox "Host:" Buffer Overflow is not just exploitable on FireFox

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, security@xxxxxxxxxxx, security@xxxxxxxxxxxx
Subject: [Full-disclosure] FireFox "Host:" Buffer Overflow is not just exploitable on FireFox
From: Berend-Jan Wever <berendjanwever@xxxxxxxxx>
Date: Sun, 11 Sep 2005 01:39:27 -0700

Hi all,
 Research and development has let to a ~90% reliable working exploit for the 
IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is 
turned off and JavaScript is enabled. Some tweaking might yield an even 
higher success ratio. It has also revealed that not only FireFox is 
vulnerable to this vulnerability, but the exact same exploit works on the 
latest releases of all these products based on the Mozilla engine:
 - Mozilla FireFox 1.0.6 and 1.5beta,
- Mozilla Browser 1.7.11,
 - Netscape 8.0.3.3 <http://8.0.3.3>.
 Recommendations for this vulnerability:
- FireFox and Mozilla: Install the workaround for (
https://addons.mozilla.org/messages/307259.html).
- Netscape: hope they'll respond to this email and release a workaround.
- Wait for a patch and install it asap.
 Recommendations to make it harder to exploit any FireFox vulnerability:
- Turn on DEP (Data Execution Prevention),
- Turn off JavaScript,
- Switch to another browser,
- Do not browse untrusted sites,
- Do not browse the web at all,
- Unplug your machine from the web,
- Wear a tinfoil hat.
 Cheers,
SkyLined

 On 9/10/05, Berend-Jan Wever <berendjanwever@xxxxxxxxx> wrote: 
> 
> (Just a little heads up, no details or PoC attached)
>  The security vulnerability in Mozilla FireFox reported by Tom Ferris is 
> exploitable on Windows.
> I developed a working exploit that seems to be 100% stable, though I've 
> only tested it on one system.
> The exploit will not be released publicly untill patches are out.
>  On a side note: it took only about 3 hours and 30 minutes to develop the 
> exploit, so I might not be the only one able to write it.
>  Cheers,
> SkyLined
> 
> -- 
> Berend-Jan Wever <berendjanwever@xxxxxxxxx>
> http://www.edup.tudelft.nl/~bjwever 
> 



-- 
Berend-Jan Wever <berendjanwever@xxxxxxxxx>
http://www.edup.tudelft.nl/~bjwever

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: RE: [Full-disclosure] Off topic.
Next by Date: Re: [Full-disclosure] Off Topic: Attachment
Previous by thread: Re: [Full-disclosure] Releasing vulnerability information in blogs - a new trend?
Next by thread: [Full-disclosure] Automated mass abuse of form mailers
Index(es):
- Date
- Thread