
Bugtraq mailing list archives
Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 16 Sep 2005 22:28:59 +0300 (EEST)
Only the newest 7.x version 7.2 has an internal Mail client. Version 8.0.3.3 is browser-only version. Version 7.2 has unpatched, confirmed vulnerabilities due to older codebase like we know. Version 8 was released to fix them.

Your report will never reach Netscape due to non-working security [at] netscape.org (please read instructions to contact the vendor below).

This problem also affects Thunderbird (tested) and I'm guessing Netscape's Mail client (untested) which it really can't do much except cause Thunderbird/Netscape to crash without javascript.

Include the linked source in an email for your testing.
http://www.milw0rm.com/down.php?id=1204

/str0ke

On 9/13/05, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
> >Hi all,
> >
> >Research and development has led to a ~90% reliable working exploit for the
> >IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is
> >turned off and JavaScript is enabled. Some tweaking might yield an even
> >higher success ratio. It has also revealed that not only FireFox is
> >vulnerable to this vulnerability, but the exact same exploit works on the
> >latest releases of all these products based on the Mozilla engine:
> >- Mozilla FireFox 1.0.6 and 1.5beta,
> >- Mozilla Browser 1.7.11,
> >- Netscape 8.0.3.3.
> >
> >Recommendations for this vulnerability:
> >- FireFox and Mozilla: Install the workaround for
> >(https://addons.mozilla.org/messages/307259.html).
> >- Netscape: hope they'll respond to this email and release a workaround.
> >- Wait for a patch and install it asap.
> >
> >Recommendations to make it harder to exploit any FireFox vulnerability:
> >- Turn on DEP (Data Execution Prevention),
> >- Turn off JavaScript,
> >- Switch to another browser,
> >- Do not browse untrusted sites,
> >- Do not browse the web at all,
> >- Unplug your machine from the web,
> >- Wear a tinfoil hat.
> >
> >Cheers,
> >SkyLined
>
> BTW: From where is that security [at] netscape.org address?
> 1)
> An official security URL to Netscape is "Netscape Browser Bug Submission
> Form" at
> http://browser.netscape.com/ns8/support/bugreport.jsp
> (www.netscape.org redirects to home.netscape.com/ , of course they have
> netscape.org, netscape.net etc.)
>
> For version 7.2 (and 7.x?) it is the following:
> http://wp.netscape.com/browsers/7/feedback/problem.html
> Two separate addresses due to different developer teams, according to
> my knowledge. Is there any new information?

---clip---

Please report your Netscape Mail client test results to Netscape with submission forms mentioned above.

- Juha-Matti
