lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 16 Sep 2005 22:28:59 +0300 (EEST)
From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi>
To: milw0rm@...il.com
Cc: full-disclosure@...ts.grok.org.uk, berendjanwever@...il.com,
	bugtraq@...urityfocus.com, security@...illa.org
Subject: Re: FireFox Host: Buffer Overflow is not just
	exploitable on FireFox


> This problem also effects Thunderbird (tested) and im guessing
> Netscape's Mail client (untested) which it really can't do much except
> cause Thunderbird/Netscape to crash without javascript.
> 
> Include the linked source in an email for your testing.
> 
> http://www.milw0rm.com/down.php?id=1204
> 
> /str0ke

Only the newest 7.x version 7.2 has an internal Mail client. Version 
8.0.3.3 is browser-only version. Version 7.2 has unpatched, confirmed 
vulnerabilities due to older codebase like we know. Version 8 was 
released to fix them.
Your report will never reach Netscape due to non-working security [at] 
netscape.org (please read instructions to contact the vendor below).
 
> On 9/13/05, Juha-Matti Laurio <juha-matti.laurio@...ti.fi> wrote:
> > >Hi all,
> > >Research and development has let to a ~90% reliable working exploit 
for the
> > >IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is
> > >turned off and JavaScript is enabled. Some tweaking might yield an even
> > >higher success ratio. It has also revealed that not only FireFox is
> > >vulnerable to this vulnerability, but the exact same exploit works on the
> > >latest releases of all these products based on the Mozilla engine:
> > >- Mozilla FireFox 1.0.6 and 1.5beta,
> > >- Mozilla Browser 1.7.11,
> > >- Netscape 8.0.3.3 <http://8.0.3.3>.
> > >Recommendations for this vulnerability:
> > >- FireFox and Mozilla: Install the workaround for (
> > https://addons.mozilla.org/messages/307259.html).
> > >- Netscape: hope they'll respond to this email and release a workaround.
> > >- Wait for a patch and install it asap.
> > >Recommendations to make it harder to exploit any FireFox vulnerability:
> > >- Turn on DEP (Data Execution Prevention),
> > >- Turn off JavaScript,
> > >- Switch to another browser,
> > >- Do not browse untrusted sites,
> > >- Do not browse the web at all,
> > >- Unplug your machine from the web,
> > >- Wear a tinfoil hat.
> > >Cheers,
> > >SkyLined
> > 
> > BTW: From where is that security [at] netscape.org address?
> > 1)
> > An official security URL to Netscape is "Netscape Browser Bug Submission
> > Form" at
> > http://browser.netscape.com/ns8/support/bugreport.jsp
> > (www.netscape.org redirects to home.netscape.com/ , of course they have
> > netscape.org, netscape.net etc.)
> > 
> > For version 7.2 (and 7.x?) it is the following:
> > http://wp.netscape.com/browsers/7/feedback/problem.html
> > Two separate addresses due to different developer teams, according to
> > my knowledge. Is there any new information?

---clip---

Please report your Netscape Mail client test results to Netscape with 
submission forms mentioned above.

- Juha-Matti

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ