
Thread: Unpatched Firefox flaw may expose users

  1. #1
    Senior Member
    Join Date
    Feb 2003

    Unpatched Firefox flaw may expose users

    A new, unpatched flaw that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

    The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

    He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site.

    The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.

    Buffer overflows are a commonly exploited security problem. They occur when a program allows data to be written beyond the allocated end of a buffer in memory. A computer can be made to execute potentially malicious code by feeding in extra data that is designed to flood the buffer.

    Ferris reported the bug to the Mozilla Foundation on Sunday, intending to go through the organization's bug-reporting process, he said. However, in an example of the uneasy alliance between security researchers and software makers, he decided to publicly disclose the flaw after a run-in with Mozilla staff, he said.

    To read the whole story, visit:

  2. #2
    Senior Member Kite's Avatar
    Join Date
    Jan 2005
    Underground Bunker, somewhere in Antarctica
    It's always the little tiny things. Thanks for the information.
    I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
    -The Monarch.

  3. #3
    Join Date
    Oct 2004
    Ah, and it is so simple. It is all to do with when a hostname which has all dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but it sets encHost to an empty string. Meaning, Firefox appends 0 to approxLen and then appends the long string of dashes to the buffer instead. The following HTML code will reproduce this issue:

    <A HREF=https:--------------------------------------------- >

    Hmmm... well, curiosity got the best of me, so I made a blank text document containing ONLY the code above, saved it as HTML, and voila... it screwed up my Firefox.

    (I stole part of that from http://www.security-protocols.com/ad...7-advisory.txt)
    I'm Dying To Find Out The Hard Way
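The length mismatch described in the post above (approxLen computed from an empty encHost, the raw dashed host appended anyway), as an added example that is not Mozilla's code and not from the advisory. Everything here is a constructed stand-in: normalize_idn, vulnerable_overrun and build_spec_safe are hypothetical names modelled on the post's description of NormalizeIDN and BuildNormalizedSpec, the spec layout is simplified to "scheme://host", and the overrun is performed into an oversized scratch arena so the bytes written past the buggy allocation can be counted instead of corrupting the heap. The hardened form sizes the buffer from exactly the bytes it will write and fails closed when a non-empty host normalizes to nothing.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 4096

/* Constructed stand-in for the IDN step the post describes: an all-dash host
 * "succeeds" (returns true) but produces an empty encoded host. Not Mozilla's code. */
bool normalize_idn(const char *host, char *enc_host, size_t enc_cap) {
    size_t n = strlen(host);
    if (n > 0 && strspn(host, "-") == n) {
        enc_host[0] = '\0';          /* the failure mode from the post: true, but empty */
        return true;
    }
    if (n + 1 > enc_cap) return false;
    memcpy(enc_host, host, n + 1);
    return true;
}

/* Buggy sequence: size from enc_host, then append the ORIGINAL host.
 * Runs inside a large arena so nothing is actually corrupted; returns how many
 * bytes land past the allocation the buggy approx_len would have made (0 = none). */
size_t vulnerable_overrun(const char *scheme, const char *host) {
    char enc_host[512];
    unsigned char arena[ARENA_SIZE];
    if (!normalize_idn(host, enc_host, sizeof enc_host)) return 0;

    size_t approx_len = strlen(scheme) + 3 + strlen(enc_host);   /* "://" + encoded host */
    size_t alloc = approx_len + 1;                               /* what malloc() would get */
    if (alloc + strlen(host) + 64 > ARENA_SIZE) return 0;        /* keep the demo in bounds */

    char *p = (char *)arena;
    size_t pos = 0;
    memcpy(p + pos, scheme, strlen(scheme)); pos += strlen(scheme);
    memcpy(p + pos, "://", 3);               pos += 3;
    memcpy(p + pos, host, strlen(host));     pos += strlen(host); /* the bug: raw host, not enc_host */
    p[pos++] = '\0';
    return pos > alloc ? pos - alloc : 0;
}

/* Hardened form: reject a host that normalizes to nothing, size from exactly the
 * pieces that get written, and bound the write. Returns 0 on success, -1 on error. */
int build_spec_safe(const char *scheme, const char *host, char *out, size_t out_cap) {
    char enc_host[512];
    if (!normalize_idn(host, enc_host, sizeof enc_host)) return -1;
    if (host[0] != '\0' && enc_host[0] == '\0') return -1;       /* fail closed */

    size_t need = strlen(scheme) + 3 + strlen(enc_host) + 1;
    if (need > out_cap) return -1;
    int n = snprintf(out, out_cap, "%s://%s", scheme, enc_host);
    return (n < 0 || (size_t)n + 1 != need) ? -1 : 0;
}

/* Constructed input: a host of 45 dashes, like the PoC in the post. */
static void make_dash_host(char *buf, size_t n) {
    memset(buf, '-', n);
    buf[n] = '\0';
}

size_t demo_dash_overrun(void) {
    char host[46];
    make_dash_host(host, 45);
    return vulnerable_overrun("https", host);
}

int demo_safe_rejects_dash_host(void) {
    char host[46], out[64];
    make_dash_host(host, 45);
    return build_spec_safe("https", host, out, sizeof out);
}

int demo_safe_normal_host(void) {
    char out[64];
    if (build_spec_safe("https", "www.example.com", out, sizeof out) != 0) return -1;
    return strcmp(out, "https://www.example.com");
}

int main(void) {
    printf("normal host overrun: %zu bytes\n", vulnerable_overrun("https", "www.example.com"));
    printf("dash host overrun:   %zu bytes\n", demo_dash_overrun());
    printf("safe builder on dash host: %d (rejected)\n", demo_safe_rejects_dash_host());
    printf("safe builder on normal host ok: %d\n", demo_safe_normal_host() == 0);
    return 0;
}
```

The two defences are independent: even if a later normalization step returned a non-empty result for some other odd host, build_spec_safe still computes its size from the same string it passes to snprintf and refuses to write past out_cap, so the class of bug (sizing on one value, writing another) cannot recur in it.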

  4. #4

  5. #5
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Beverwijk Netherlands
    Let's see here..

    edit: nope, AO's vBulletin code won't let me
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  6. #6
    Join Date
    Sep 2004
    From the same article:

    However, Firefox has had its own security woes. Several serious holes in the browser have been plugged since its official release, and experts have said that safe Web browsers don't exist.
