Notok
January 1st, 2005, 03:42 AM
-{ Quote: "Description:
Maurycy Prodeus has reported a vulnerability in Mozilla, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the "MSG_UnEscapeSearchUrl()" function in "nsNNTPProtocol.cpp" when processing NNTP URIs. This can be exploited via e.g. a malicious web site to cause a heap-based buffer overflow when referencing a specially crafted, overly long "news://" URI.
Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in version 1.7.3 and prior.
Solution:
Update to version 1.7.5.
http://www.mozilla.org/products/mozilla1.x/" }-http://secunia.com/advisories/13687/
.
Maurycy Prodeus has reported a vulnerability in Mozilla, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the "MSG_UnEscapeSearchUrl()" function in "nsNNTPProtocol.cpp" when processing NNTP URIs. This can be exploited via e.g. a malicious web site to cause a heap-based buffer overflow when referencing a specially crafted, overly long "news://" URI.
Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in version 1.7.3 and prior.
Solution:
Update to version 1.7.5.
http://www.mozilla.org/products/mozilla1.x/" }-http://secunia.com/advisories/13687/
.