[Cialug] Overflow Vulnerability in Mozilla-based Browsers
David Stout
david.stout at marshallnet.com
Mon Sep 26 10:52:41 CDT 2005
Exploit for Buffer Overflow Vulnerability in Mozilla-based Browsers
added September 23, 2005
US-CERT is aware of public exploit code for a buffer overflow vulnerability in Mozilla products, including the Mozilla Suite and Mozilla Firefox. The vulnerability exists in the way Mozilla products handle URIs containing certain IDN-encoded hostnames. A remote attacker who is able to convince a user to view a specially crafted HTML document may be able to execute arbitrary code with the privileges of the user running the vulnerable application.
More information about this vulnerability can be found in the following US-CERT Vulnerability Note:
VU#573857 - Mozilla-based browsers contain a buffer overflow in handling URIs containing a malformed IDN hostname
US-CERT encourages Mozilla users to upgrade to version 1.0.7 and Mozilla Suite users to upgrade to version 1.7.12 as soon as possible.
David Stout
Data Repository Analyst