Firefox, Mozilla, Netscape,URL Domain Name Buffer Overflow

Discussion in 'other security issues & news' started by ronjor, Sep 9, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    Secunia

    More


    Netscape

    Mozilla
     
    Last edited: Sep 9, 2005
  2. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    :eek:

    Thanks for the heads up Ron.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    No rest for the wicked. :D
     
  4. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Yay! Another exploit!

    *gets to work*

    (Thanks ronjor ;) Been waiting for one.)

    EDIT: My Proxomitron config pack (v4.44) now detects and removes this exploit.

    https://www.wilderssecurity.com/showpost.php?p=554120&postcount=16

    For those who want to use a standalone Proxomitron filter, here you go.

    *Had to attach filter in text file due to special character.*
     

    Attached Files:

    Last edited: Sep 9, 2005
  5. passing thru

    passing thru Guest

    According to FrSIRT a possible solution is:
    Disable IDN support by entering "about:config" in the location bar, and then setting "network.enableIDN" to "false"."

    http://isc.sans.org/diary.php?storyid=656

    No need for complicated filters.
     
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thanks for the link passing through. I don't use Prox so this is cool. :cool:
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
  8. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
  9. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Thanks Ronjor
    Not perfect but still better!! ;)

    Regards
     
  10. ice60

    ice60 Guest

    i'm reading this with OB1, becacue i don't want to leave any obvious records i've been using this pc ( family work PC which they know i'll screw around with if they give me the password, but i cracked it anyway :D, and they're right, so far i have installed afew things i would never on my PC. not that they check the logs, and find out. it will all be cleared up and back to normal when i have finished.

    anyway, doesn't this prove that Opera, being closed source, is a more secure browser, just be looking at Secunia shows that. even my OB1 OffByOne is very scure, thanks Ron for showing it to me :)

    sorry, if i'm getting this all wrong, i'm still a little confused with the lay out of the pages in OB1

    I am now an opera Evangelist
     
  11. Beefcarver

    Beefcarver Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    263
    Location:
    michigan
    i downloaded the patch and its now set to false. is that it?
     
  12. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Thanks for the warn, and for the fix link ! :)
     
  13. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Hey J, Me Too! Just loving it!
    BTW, are you running that OB1 (don't know anything about it) off a USB thumb drive? Like Portable Firefox ? I just read the other day that there's a portable thunderbird for thumbdrives too! Good stuff when using someone else's machine....
     
  14. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    you can hit help and then about firefox
     

    Attached Files:

  15. ice60

    ice60 Guest

    hi, Brad no i'm not. it's a no install so i can just delete the folder when finished with it.

    to tell the truth i don't remember writting my post and am a little shocked to see it. i'm looking after this business ATM and there's an apartment on the property, i was bored so went and bought a couple of really big beers the other night, that must have been when i wrote the post o_O i don't think i was still drunk in the morning, but not sure. i'm sure i'm not drunk now though. Wow, that was strong beer :eek:
     
  16. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    Good stuff, thank you Ron ;)
     
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    Thanks everyone.

    New Firefox, Mozilla releases to fix bugs "shortly"

    Story
     
  18. pamelajoy

    pamelajoy Registered Member

    Joined:
    Jun 29, 2005
    Posts:
    127
    Location:
    Fairbanks, Alaska
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.