Message-ID: <MAILFIREWALL2rNvgZW00000073@mailfirewall2.csis.dk>
Date: Sun Sep 11 09:24:37 2005
From: kruse at krusesecurity.dk (Peter Kruse)
Subject: Mozilla Firefox "Host:" Buffer Overflow Exploit

Hi Skylined, 

Thanks for the heads up. 

Yes, certainly this is/was remotely exploitable. The good part is that the
Mozilla Team has released a "workaround"/security patch to fix this issue.
They accomplish this by disabling IDN. 

The "What Firefox and Mozilla users should know about the IDN buffer
overflow security issue" can be found at the following URL:
https://addons.mozilla.org/messages/307259.html

A patch for Mozilla Suite and Firefox users can be found here:
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi

I can confirm that the fix plugs the hole.

Regards
Peter Kruse

________________________________

	From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Berend-Jan Wever
	Sent: 10. september 2005 12:53
	To: full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com; security@...illa.org
	Subject: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit
	
	
	(Just a little heads up, no details or PoC attached)
	 
	The security vulnerability in Mozilla Firefox reported by Tom Ferris is exploitable on Windows.
	I developed a working exploit that seems to be 100% stable, though I've only tested it on one system.
	The exploit will not be released publicly until patches are out.
	 
	On a side note: it took only about 3 hours and 30 minutes to develop the exploit, so I might not be the only one able to write it.
	 
	Cheers,
	SkyLined
	
	-- 
	Berend-Jan Wever <berendjanwever@...il.com>
	http://www.edup.tudelft.nl/~bjwever

