Firefox, Mozilla, Netscape,URL Domain Name Buffer Overflow

Discussion in 'other security issues & news' started by ronjor, Sep 9, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,793
    Location:
    Texas
    Secunia

    More


    Netscape

    Mozilla
     
    Last edited: Sep 9, 2005
  2. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    :eek:

    Thanks for the heads up Ron.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,793
    Location:
    Texas
    No rest for the wicked. :D
     
  4. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Yay! Another exploit!

    *gets to work*

    (Thanks ronjor ;) Been waiting for one.)

    EDIT: My Proxomitron config pack (v4.44) now detects and removes this exploit.

    https://www.wilderssecurity.com/showpost.php?p=554120&postcount=16

    For those who want to use a standalone Proxomitron filter, here you go.

    *Had to attach filter in text file due to special character.*
     

    Attached Files:

    Last edited: Sep 9, 2005
  5. passing thru

    passing thru Guest

    According to FrSIRT a possible solution is:
    Disable IDN support by entering "about:config" in the location bar, and then setting "network.enableIDN" to "false"."

    http://isc.sans.org/diary.php?storyid=656

    No need for complicated filters.
     
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Thanks for the link passing through. I don't use Prox so this is cool. :cool:
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,793
    Location:
    Texas
  8. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
  9. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Thanks Ronjor
    Not perfect but still better!! ;)

    Regards
     
  10. ice60

    ice60 Guest

    i'm reading this with OB1, becacue i don't want to leave any obvious records i've been using this pc ( family work PC which they know i'll screw around with if they give me the password, but i cracked it anyway :D, and they're right, so far i have installed afew things i would never on my PC. not that they check the logs, and find out. it will all be cleared up and back to normal when i have finished.

    anyway, doesn't this prove that Opera, being closed source, is a more secure browser, just be looking at Secunia shows that. even my OB1 OffByOne is very scure, thanks Ron for showing it to me :)

    sorry, if i'm getting this all wrong, i'm still a little confused with the lay out of the pages in OB1

    I am now an opera Evangelist
     
  11. Beefcarver

    Beefcarver Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    263
    Location:
    michigan
    i downloaded the patch and its now set to false. is that it?
     
  12. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Thanks for the warn, and for the fix link ! :)
     
  13. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Hey J, Me Too! Just loving it!
    BTW, are you running that OB1 (don't know anything about it) off a USB thumb drive? Like Portable Firefox ? I just read the other day that there's a portable thunderbird for thumbdrives too! Good stuff when using someone else's machine....
     
  14. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    you can hit help and then about firefox
     

    Attached Files:

  15. ice60

    ice60 Guest

    hi, Brad no i'm not. it's a no install so i can just delete the folder when finished with it.

    to tell the truth i don't remember writting my post and am a little shocked to see it. i'm looking after this business ATM and there's an apartment on the property, i was bored so went and bought a couple of really big beers the other night, that must have been when i wrote the post o_O i don't think i was still drunk in the morning, but not sure. i'm sure i'm not drunk now though. Wow, that was strong beer :eek:
     
  16. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Good stuff, thank you Ron ;)
     
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,793
    Location:
    Texas
    Thanks everyone.

    New Firefox, Mozilla releases to fix bugs "shortly"

    Story
     
  18. pamelajoy

    pamelajoy Registered Member

    Joined:
    Jun 29, 2005
    Posts:
    127
    Location:
    Fairbanks, Alaska
Loading...
Thread Status:
Not open for further replies.