RE: Mozilla Firefox "Host:" Buffer Overflow Exploit

["Peter Kruse" <kruse () krusesecurity dk>]

Hi Skylined, 

Thanks for the heads up. 

Yes, certainly this is/was remotely exploitable. The good part is, that the
Mozilla Team has released a "workaround"/security patch to fix this issue.
They accomplish this by disabling IDN. 

The "What Firefox and Mozilla users should know about the IDN buffer
overflow security issue" can be found at the following URL:
https://addons.mozilla.org/messages/307259.html

A patch for Mozilla Suite and Firefox users can be found here:
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259
.xpi

I can confirm that the fix plugs the hole.

Regards
Peter Kruse

________________________________

        From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Berend-Jan
Wever
        Sent: 10. september 2005 12:53
        To: full-disclosure () lists grok org uk; bugtraq () securityfocus com;
security () mozilla org
        Subject: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow
Exploit
        
        
        (Just a little heads up, no details or PoC attached)
         
        The security vulnerability in Mozilla FireFox reported by Tom Ferris
is exploitable on Windows.
        I developed a working exploit that seems to be 100% stable, though
I've only tested it on one system.
        The exploit will not be released publicly untill patches are out.
         
        On a side note: it took only about 3 hours and 30 minutes to develop
the exploit, so I might not be the only one able to write it.
         
        Cheers,
        SkyLined
        
        -- 
        Berend-Jan Wever <berendjanwever () gmail com>
        http://www.edup.tudelft.nl/~bjwever
<http://www.edup.tudelft.nl/~bjwever> 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/