[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox

To: berendjanwever@xxxxxxxxx
Subject: Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Wed, 14 Sep 2005 00:35:37 +0300 (EEST)

Hi all,
Research and development has let to a ~90% reliable working exploit for the
IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is
turned off and JavaScript is enabled. Some tweaking might yield an even
higher success ratio. It has also revealed that not only FireFox is
vulnerable to this vulnerability, but the exact same exploit works on the
latest releases of all these products based on the Mozilla engine:
- Mozilla FireFox 1.0.6 and 1.5beta,
- Mozilla Browser 1.7.11,
- Netscape 8.0.3.3 <http://8.0.3.3>.
Recommendations for this vulnerability:
- FireFox and Mozilla: Install the workaround for (

https://addons.mozilla.org/messages/307259.html).

- Netscape: hope they'll respond to this email and release a workaround.
- Wait for a patch and install it asap.
Recommendations to make it harder to exploit any FireFox vulnerability:
- Turn on DEP (Data Execution Prevention),
- Turn off JavaScript,
- Switch to another browser,
- Do not browse untrusted sites,
- Do not browse the web at all,
- Unplug your machine from the web,
- Wear a tinfoil hat.
Cheers,
SkyLined

BTW: From where is that security [at] netscape.org address? 1) An official security URL to Netscape is "Netscape Browser Bug Submission Form" at http://browser.netscape.com/ns8/support/bugreport.jsp (www.netscape.org redirects to home.netscape.com/ , of course they have netscape.org, netscape.net etc.)

For version 7.2 (and 7.x?) it is the following: http://wp.netscape.com/browsers/7/feedback/problem.html Two separate addresses due to different developer teams, according to my knowledge. Is there any new information?

I have informed the vendor Netscape being affected on 9th September 2005.

2) Disabling IDN support via about:config (or prefs.js file) is possible in Netscape Browser 8 too. Xpi file for Firefox and Mozilla Suite works in Netscape 8.0.3.3 too. Test was successful and even UA was changed to include ....Gecko/20050729 (No IDN) Netscape/8.0.3.3. However, the manual method is recommended. I.e. there is a workaround for Netscape. Vendor developer team contacted during a weekend, no reply yet.

3) When an updated version of Netscape Browser 8 is available the download link is http://browser.netscape.com/ns8/download/default.jsp

- Juha-Matti

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- RE: [Full-disclosure] FireFox Host: Buffer Overflow is not justexploitable on FireFox
  - From: Peter Kruse
- Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
  - From: milw0rm Inc.
- Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
  - From: Bipin Gautam

Prev by Date: [Full-disclosure] iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Router Remote Administration apply.cgi Buffer Overflow Vulnerability
Next by Date: [Full-disclosure] security at netscape.org says Error 550
Previous by thread: [Full-disclosure] iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Router Remote Administration apply.cgi Buffer Overflow Vulnerability
Next by thread: RE: [Full-disclosure] FireFox Host: Buffer Overflow is not justexploitable on FireFox
Index(es):
- Date
- Thread