Firefox, Mozilla, Netscape,URL Domain Name Buffer Overflow

ronjor · #1 September 9th, 2005, 08:58 AM

Quote:

Highly critical
Impact: DoS
System access
Where: From remote
Solution Status:Unpatched

Secunia

More

Netscape

Mozilla

Trooper · #2 September 9th, 2005, 10:49 AM

Thanks for the heads up Ron.

ronjor · #3 September 9th, 2005, 10:51 AM

No rest for the wicked.

Kye-U · #4 September 9th, 2005, 04:10 PM

Yay! Another exploit!

*gets to work*

(Thanks ronjor

Been waiting for one.)

EDIT: My Proxomitron config pack (v4.44) now detects and removes this exploit.

http://www.wilderssecurity.com/showp...0&postcount=16

For those who want to use a standalone Proxomitron filter, here you go.

*Had to attach filter in text file due to special character.*

#5 September 9th, 2005, 06:22 PM

According to FrSIRT a possible solution is:
Disable IDN support by entering "about:config" in the location bar, and then setting "network.enableIDN" to "false"."

http://isc.sans.org/diary.php?storyid=656

No need for complicated filters.

Trooper · #6 September 9th, 2005, 07:11 PM

Thanks for the link passing through. I don't use Prox so this is cool.

ronjor · #7 September 9th, 2005, 08:18 PM

Another fix. http://www.mozilla.org/security/idn.html

Trooper · #8 September 9th, 2005, 09:27 PM

Quote:

Originally Posted by ronjor

Another fix. http://www.mozilla.org/security/idn.html

Thanks Ron, all set here.

Longboard · #9 September 10th, 2005, 08:43 AM

Thanks Ronjor
Not perfect but still better!!

Regards

#10 September 10th, 2005, 12:29 PM

i'm reading this with OB1, becacue i don't want to leave any obvious records i've been using this pc ( family work PC which they know i'll screw around with if they give me the password, but i cracked it anyway

, and they're right, so far i have installed afew things i would never on my PC. not that they check the logs, and find out. it will all be cleared up and back to normal when i have finished.

anyway, doesn't this prove that Opera, being closed source, is a more secure browser, just be looking at Secunia shows that. even my OB1 OffByOne is very scure, thanks Ron for showing it to me

sorry, if i'm getting this all wrong, i'm still a little confused with the lay out of the pages in OB1

I am now an opera Evangelist

Beefcarver · #11 September 10th, 2005, 01:06 PM

i downloaded the patch and its now set to false. is that it?

nicM · #12 September 14th, 2005, 09:05 PM

Thanks for the warn, and for the fix link !

bigbuck · #13 September 14th, 2005, 11:08 PM

Quote:

Originally Posted by ice60

i'm reading this with OB1, becacue i don't want to leave any obvious records i've been using this pc ( family work PC which they know i'll screw around with if they give me the password, but i cracked it anyway

, and they're right, so far i have installed afew things i would never on my PC. not that they check the logs, and find out. it will all be cleared up and back to normal when i have finished.

anyway, doesn't this prove that Opera, being closed source, is a more secure browser, just be looking at Secunia shows that. even my OB1 OffByOne is very scure, thanks Ron for showing it to me

sorry, if i'm getting this all wrong, i'm still a little confused with the lay out of the pages in OB1

I am now an opera Evangelist

Hey J, Me Too! Just loving it!
BTW, are you running that OB1 (don't know anything about it) off a USB thumb drive? Like Portable Firefox ? I just read the other day that there's a portable thunderbird for thumbdrives too! Good stuff when using someone else's machine....

bigc73542 · #14 September 14th, 2005, 11:38 PM

you can hit help and then about firefox

#15 September 15th, 2005, 05:41 AM

Quote:

Originally Posted by bigbuck

Hey J, Me Too! Just loving it!
BTW, are you running that OB1 (don't know anything about it) off a USB thumb drive? Like Portable Firefox ? I just read the other day that there's a portable thunderbird for thumbdrives too! Good stuff when using someone else's machine....

hi, Brad no i'm not. it's a no install so i can just delete the folder when finished with it.

to tell the truth i don't remember writting my post and am a little shocked to see it. i'm looking after this business ATM and there's an apartment on the property, i was bored so went and bought a couple of really big beers the other night, that must have been when i wrote the post

i don't think i was still drunk in the morning, but not sure. i'm sure i'm not drunk now though. Wow, that was strong beer

Brian N · #16 September 15th, 2005, 06:12 AM

Good stuff, thank you Ron

ronjor · #17 September 15th, 2005, 11:06 AM

Thanks everyone.

New Firefox, Mozilla releases to fix bugs "shortly"

Quote:

The Mozilla Foundation plans to "shortly" release new versions of its Firefox and Mozilla Web browsers to address a recently disclosed serious security bug as well as several additional flaws, a representative said Wednesday.

Story

pamelajoy · #18 September 17th, 2005, 11:53 AM

I read about it here:
http://www.pcmag.com/article2/0,1895,1857898,00.asp

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search