Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

FireFox "Host:" Buffer Overflow is not just exploitable on FireFox

From: Berend-Jan Wever <berendjanwever () gmail com>
Date: Sun, 11 Sep 2005 01:39:27 -0700
Hi all,
 Research and development has let to a ~90% reliable working exploit for the 
IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is 
turned off and JavaScript is enabled. Some tweaking might yield an even 
higher success ratio. It has also revealed that not only FireFox is 
vulnerable to this vulnerability, but the exact same exploit works on the 
latest releases of all these products based on the Mozilla engine:
 - Mozilla FireFox 1.0.6 and 1.5beta,
- Mozilla Browser 1.7.11,
 - Netscape 8.0.3.3 <http://8.0.3.3>.
 Recommendations for this vulnerability:
- FireFox and Mozilla: Install the workaround for (
https://addons.mozilla.org/messages/307259.html).
- Netscape: hope they'll respond to this email and release a workaround.
- Wait for a patch and install it asap.
 Recommendations to make it harder to exploit any FireFox vulnerability:
- Turn on DEP (Data Execution Prevention),
- Turn off JavaScript,
- Switch to another browser,
- Do not browse untrusted sites,
- Do not browse the web at all,
- Unplug your machine from the web,
- Wear a tinfoil hat.
 Cheers,
SkyLined

 On 9/10/05, Berend-Jan Wever <berendjanwever () gmail com> wrote: 


(Just a little heads up, no details or PoC attached)
 The security vulnerability in Mozilla FireFox reported by Tom Ferris is 
exploitable on Windows.
I developed a working exploit that seems to be 100% stable, though I've 
only tested it on one system.
The exploit will not be released publicly untill patches are out.
 On a side note: it took only about 3 hours and 30 minutes to develop the 
exploit, so I might not be the only one able to write it.
 Cheers,
SkyLined

-- 
Berend-Jan Wever <berendjanwever () gmail com>
http://www.edup.tudelft.nl/~bjwever 





-- 
Berend-Jan Wever <berendjanwever () gmail com>
http://www.edup.tudelft.nl/~bjwever

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: