Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow

Release Date:
September 13, 2005

Severity:
Critical

Vendor:
Mozilla

Versions Affected:
Firefox 1.5 Beta 1 (Deer Park Alpha 2) build 1.8b4 with IDN disabled.

Overview:
A buffer overflow vulnerability exists within Firefox 1.5 Beta 1 with IDN
disabled allows for an attacker to remotely execute arbitrary code on a
affected host.  Firefox 1.0.6 and all prior versions are not affected by this
particular variant of the 'Host:' issue.

Technical Details:
The workaround which was provided from Mozilla does not mitigate this issue.
The following HTML code below will reproduce this issue:

<IFRAME SRC=https:----------------------------------------------- >

Note, the difference from this one is the IFRAME and SRC= as the other flaw
was just HREF=.

Vendor Status:
Mozilla is currently working on a patch.

Discovered by:
Tom Ferris

Related Links:
www.security-protocols.com/deerpark-death.html
http://security-protocols.com/modules.php?name=News&file=article&sid=2920
http://security-protocols.com/modules.php?name=News&file=article&sid=2910
https://addons.mozilla.org/messages/307259.html
www.evolvesecurity.com

Copyright (c) 2005 Security-Protocols.com