| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Sep 2005 11:39:37 -0500 From: "milw0rm Inc." <milw0rm@...il.com> To: Juha-Matti Laurio <juha-matti.laurio@...ti.fi> Cc: security@...illa.org, security@...scape.org, berendjanwever@...il.com, bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Re: FireFox Host: Buffer Overflow is not just exploitable on FireFox This problem also effects Thunderbird (tested) and im guessing Netscape's Mail client (untested) which it really can't do much except cause Thunderbird/Netscape to crash without javascript. Include the linked source in an email for your testing. http://www.milw0rm.com/down.php?id=1204 /str0ke On 9/13/05, Juha-Matti Laurio <juha-matti.laurio@...ti.fi> wrote: > >Hi all, > >Research and development has let to a ~90% reliable working exploit for the > >IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is > >turned off and JavaScript is enabled. Some tweaking might yield an even > >higher success ratio. It has also revealed that not only FireFox is > >vulnerable to this vulnerability, but the exact same exploit works on the > >latest releases of all these products based on the Mozilla engine: > >- Mozilla FireFox 1.0.6 and 1.5beta, > >- Mozilla Browser 1.7.11, > >- Netscape 8.0.3.3 <http://8.0.3.3>. > >Recommendations for this vulnerability: > >- FireFox and Mozilla: Install the workaround for ( > https://addons.mozilla.org/messages/307259.html). > >- Netscape: hope they'll respond to this email and release a workaround. > >- Wait for a patch and install it asap. > >Recommendations to make it harder to exploit any FireFox vulnerability: > >- Turn on DEP (Data Execution Prevention), > >- Turn off JavaScript, > >- Switch to another browser, > >- Do not browse untrusted sites, > >- Do not browse the web at all, > >- Unplug your machine from the web, > >- Wear a tinfoil hat. > >Cheers, > >SkyLined > > BTW: From where is that security [at] netscape.org address? > 1) > An official security URL to Netscape is "Netscape Browser Bug Submission > Form" at > http://browser.netscape.com/ns8/support/bugreport.jsp > (www.netscape.org redirects to home.netscape.com/ , of course they have > netscape.org, netscape.net etc.) > > For version 7.2 (and 7.x?) it is the following: > http://wp.netscape.com/browsers/7/feedback/problem.html > Two separate addresses due to different developer teams, according to > my knowledge. Is there any new information? > > I have informed the vendor Netscape being affected on 9th September 2005. > > 2) > Disabling IDN support via about:config (or prefs.js file) is possible in > Netscape Browser 8 too. Xpi file for Firefox and Mozilla Suite works in > Netscape 8.0.3.3 too. Test was successful and even UA was changed to > include ....Gecko/20050729 (No IDN) Netscape/8.0.3.3. > However, the manual method is recommended. > I.e. there is a workaround for Netscape. Vendor developer team contacted > during a weekend, no reply yet. > > 3) > When an updated version of Netscape Browser 8 is available the download > link is http://browser.netscape.com/ns8/download/default.jsp > > - Juha-Matti > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists