US-CERT Vulnerability Notes Database

Vulnerability Note VU#573857

Mozilla-based browsers contain a buffer overflow in handling URIs containing a malformed IDN hostname

Overview

A vulnerability in the way Mozilla products and derivative programs handle certain malformed URIs could allow a remote attacker to execute arbitrary code on a vulnerable system.

I. Description

Mozilla products, including the Mozilla Suite and Mozilla Firefox, are vulnerable to a buffer overflow in the way they handle URIs containing certain IDN-encoded hostnames. An error in the conversion of a hostname consisting of Unicode "soft hyphen" characters (U+00AD) to the UTF-8 character set will cause a buffer overflow. By convincing a user to view an HTML document (e.g., via a web page or email message), an attacker could execute arbitrary code with the privileges of the user running the vulnerable application.

Note: Exploit code for this vulnerability is publicly available.

II. Impact

A remote attacker may be able to execute arbitrary code on a vulnerable system. The code would be executed in the context of the user running the vulnerable browser. In some instances, exploitation may only cause the browser to crash, resulting in a denial of service.

III. Solution

Upgrade


The Mozilla project has released version 1.0.7 of the Firefox web browser, which includes a patch for this issue. Firefox users are encouraged to upgrade to this version of the software.

The Mozilla project has also released version 1.7.12 of the Mozilla Suite product, which includes a patch for this issue. Mozilla Suite users are encouraged to upgrade to this version of the software.

Workarounds

Disable the use of IDN

Mozilla and Firefox users are encouraged to consider disabling IDN. While implementing this workaround does not correct the buffer overflow error, it prevents the vulnerable portion of code from being exploited. This can be accomplished by adding the following line to the prefs.js file:

user_pref("network.enableIDN", false);

or by following these steps:

  1. Open the browser, type about:config into the location bar, and hit enter.
  2. In the "Filter" dialog box, enter "network.enableIDN" (without the quotation marks) and hit enter.
  3. A single Preference Name should appear in the results.
  4. Double-click on the result. In Firefox, this will toggle the value from true to false. In Mozilla, this will open a dialog box titled "Enter boolean value." Enter "false" into this box and hit enter.
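
To check many profiles for this workaround instead of clicking through about:config, the following added example (not US-CERT or Mozilla code) reports the network.enableIDN state of every prefs.js under a directory and can append the line shown above. The function names and the profile root passed on the command line are assumptions of the example; run it with the browser closed, because the browser rewrites prefs.js when it exits.

```python
import re
import sys
from pathlib import Path

# One user_pref line for the IDN preference; captures its boolean value.
PREF_RE = re.compile(r'\s*user_pref\(\s*"network\.enableIDN"\s*,\s*(true|false)\s*\)\s*;\s*$')
WORKAROUND_LINE = 'user_pref("network.enableIDN", false);'

# Constructed sample of a profile's prefs.js, used when no directory is given.
SAMPLE = (
    'user_pref("browser.startup.homepage", "about:blank");\n'
    'user_pref("network.enableIDN", true);\n'
)


def idn_state(prefs_text):
    """Return 'disabled', 'enabled', or 'default' (preference not set in the file)."""
    values = [m.group(1) for m in map(PREF_RE.match, prefs_text.splitlines()) if m]
    if not values:
        return "default"
    # Assumption: if the preference appears more than once, the last line wins.
    return "disabled" if values[-1] == "false" else "enabled"


def apply_workaround(prefs_text):
    """Drop every existing network.enableIDN line and append the workaround line."""
    kept = [ln for ln in prefs_text.splitlines() if not PREF_RE.match(ln)]
    return "\n".join(kept + [WORKAROUND_LINE]) + "\n"


def audit_profiles(root, fix=False):
    """Map each prefs.js under root to its state; with fix=True, rewrite unsafe files."""
    report = {}
    for prefs in sorted(Path(root).rglob("prefs.js")):
        text = prefs.read_text(encoding="utf-8", errors="surrogateescape")
        state = idn_state(text)
        if fix and state != "disabled":
            prefs.write_text(apply_workaround(text), encoding="utf-8", errors="surrogateescape")
            state = "fixed"
        report[str(prefs)] = state
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: script.py PROFILE_ROOT [--fix]
        for path, state in audit_profiles(sys.argv[1], "--fix" in sys.argv).items():
            print(f"{state:9} {path}")
    else:
        print(idn_state(SAMPLE), "->", idn_state(apply_workaround(SAMPLE)))
```

A state of "default" means the file does not set the preference at all, so the browser's built-in value applies and the profile is treated as needing the workaround.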

Systems Affected

Vendor            Status        Date Updated
Fedora Project    Vulnerable    19-Sep-2005
Gentoo Linux      Vulnerable    19-Sep-2005
Mozilla, Inc.     Vulnerable    9-Sep-2005
Red Hat, Inc.     Vulnerable    16-Sep-2005
Ubuntu            Vulnerable    16-Sep-2005

References


http://www.mozilla.org/security/idn.html
http://www.security-protocols.com/modules.php?name=News&file=article&sid=2910
http://security-protocols.com/advisory/sp-x17-advisory.txt
http://secunia.com/advisories/16764/
http://secunia.com/advisories/16766/
http://secunia.com/advisories/16767/
https://bugzilla.mozilla.org/show_bug.cgi?id=307259
http://www.securityfocus.com/bid/14784
http://xforce.iss.net/xforce/xfdb/22207
http://www.frsirt.com/english/advisories/2005/1690
http://www.ciac.org/ciac/bulletins/p-303.shtml

Credit

This vulnerability was reported by Tom Ferris.

This document was written by Chad Dougherty and Will Dormann.

Other Information

Date Public: 09/09/2005
Date First Published: 09/09/2005 04:20:22 PM
Date Last Updated: 09/23/2005
CERT Advisory:
CVE Name: CAN-2005-2871
US-CERT Technical Alerts:
Metric: 19.12
Document Revision: 24

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Produced 2005 by US-CERT, a government organization