New vulnerability in Firefox 1.0.x and 1.5 Beta

I posted about this on boards.ie but thought I should put this up here too for all you Firefox users.

A simple yet very effective buffer overflow vulnerability has been found in Firefox 1.0.6 (probably all 1.0.x releases) and 1.5 Beta.

Originally posted here.

Technical Details:
The problem is that a hostname consisting entirely of dashes causes the NormalizeIDN
call in nsStandardURL::BuildNormalizedSpec to return true while setting encHost to an
empty string. Firefox therefore adds 0 to approxLen (its estimate of the buffer size) for
the host, but then appends the long string of dashes to the buffer instead, writing past
the end of the allocation. The following HTML reproduces the issue:

<A HREF=https:---------------------------------------------
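To make the size-estimate mismatch concrete, here is an added C example; it is not Mozilla's code and not part of the original post. The functions normalize_idn, overflow_bytes and build_spec_fixed are constructed stand-ins whose names only echo the advisory's NormalizeIDN, encHost and approxLen, and the 45-dash hostname is constructed sample input. The vulnerable path measures how far the append would run past the estimate instead of performing the write, and the hardened variant sizes the buffer from the exact string it appends.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Model of the sizing bug described above. Constructed example code, not
 * Mozilla's nsStandardURL source: the names mirror the advisory's
 * description (NormalizeIDN, encHost, approxLen) but nothing here is
 * copied from Firefox.
 */

#define D5 "-----"
/* Constructed test input: a 45-character hostname made only of dashes. */
#define DASH_HOST D5 D5 D5 D5 D5 D5 D5 D5 D5

static int all_dashes(const char *s)
{
    if (*s == '\0') return 0;
    for (; *s; s++) if (*s != '-') return 0;
    return 1;
}

/*
 * Stand-in for the NormalizeIDN call. It reproduces only the reported
 * failure mode: an all-dash host "normalizes" to the empty string yet the
 * call still reports success (returns 1). Any other host is left alone
 * (returns 0; the caller keeps the original host).
 */
static int normalize_idn(const char *host, char *enc_host, size_t cap)
{
    if (cap == 0) return 0;
    if (all_dashes(host)) {
        enc_host[0] = '\0';   /* success reported, but nothing produced */
        return 1;
    }
    return 0;
}

/*
 * Vulnerable bookkeeping: approxLen takes the host's length from encHost
 * (0 bytes for the all-dash case), while the append step writes the
 * original host. Returns how many bytes the append would run past the
 * allocation; 0 means the estimate was sufficient. Nothing is written,
 * so the mismatch is measured rather than triggered.
 */
size_t overflow_bytes(const char *scheme, const char *host)
{
    char enc_host[256];
    const char *host_for_len = host;

    if (normalize_idn(host, enc_host, sizeof enc_host))
        host_for_len = enc_host;                  /* "" for the dash host */

    size_t approx_len = strlen(scheme) + 1        /* ':' */
                      + strlen(host_for_len) + 1; /* NUL */
    size_t written    = strlen(scheme) + 1
                      + strlen(host) + 1;         /* what is actually appended */

    return written > approx_len ? written - approx_len : 0;
}

/*
 * Hardened version: choose the host string first, size the buffer from
 * that exact string, and let snprintf enforce the bound. Returns a
 * malloc'd "scheme:host" string, or NULL on allocation failure or if the
 * write did not match the computed size (which would itself be a sizing bug).
 */
char *build_spec_fixed(const char *scheme, const char *host)
{
    char enc_host[256];
    const char *h = host;

    /* Treat "success with empty output" as no normalization at all. */
    if (normalize_idn(host, enc_host, sizeof enc_host) && enc_host[0] != '\0')
        h = enc_host;

    size_t len = strlen(scheme) + 1 + strlen(h);
    char *buf = malloc(len + 1);
    if (buf == NULL) return NULL;

    int n = snprintf(buf, len + 1, "%s:%s", scheme, h);
    if (n < 0 || (size_t)n != len) {
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    printf("dash host: estimate short by %zu bytes\n",
           overflow_bytes("https", DASH_HOST));
    printf("example.com: estimate short by %zu bytes\n",
           overflow_bytes("https", "example.com"));

    char *spec = build_spec_fixed("https", DASH_HOST);
    if (spec != NULL) {
        printf("fixed build wrote %zu bytes: %.20s...\n", strlen(spec), spec);
        free(spec);
    }
    return 0;
}
```

The general lesson applies well beyond this bug: whenever a buffer is sized from one value and filled from another, the two must be derived from the same string. The hardened variant also treats a normalizer that reports success but returns an empty result as "no normalization", so it never silently falls back to an unsized original.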

I’m assuming that this is already being exploited since it would take all of 10 seconds to post a URL somewhere.

Mozilla has published a fix/workaround: until a patched build is available, the workaround is to disable IDN handling by setting network.enableIDN to false in about:config.

One Response to "New vulnerability in Firefox 1.0.x and 1.5 Beta"

  1. Web Dev Ireland » Blog Archive » 23rd Post Meme Says:

[…] Well my 23rd post on 15th September 2005 and it was about a security vulnerability in Firefox 1.0.x (oh dear god I'm such a geek!!!) […]
