|
Home Forum Radio Memberlist Help Search Quick Links | |
| Forum Index » Internet » Security Alerts and vulnerabilities » Mozilla "MSG_UnEscapeSearchUrl()" Buffer Overflow |
| Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here.. |
 |
 |
|
Thread Tools | Display Modes |  |
|
#1
12-30-2004, 11:16 PM
|
||||
|
||||
|
The vulnerability is caused due to a boundary error in the "MSG_UnEscapeSearchUrl()" function in "nsNNTPProtocol.cpp" when processing NNTP URIs. This can be exploited via e.g. a malicious web site to cause a heap-based buffer overflow when referencing a specially crafted, overly long "news://" URI.
Successful exploitation may allow execution of arbitrary code. The vulnerability has been reported in version 1.7.3 and prior. Solution: Update to version 1.7.5. http://www.mozilla.org/products/mozilla1.x/  imp:
|
 Posted |
|
| Bookmarks |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Mozilla Security Bypass and Buffer Overflow | Mobo | Security Alerts and vulnerabilities | 1 | 12-10-2007 11:22 PM |
| Ca Multiple Products Buffer Overflow | Mobo | Security Alerts and vulnerabilities | 0 | 05-24-2005 03:43 PM |
| McAfee LHA File Handling Buffer Overflow | Mobo | Security Alerts and vulnerabilities | 0 | 03-18-2005 04:44 PM |
| WinRAR Delete File Buffer Overflow Vulnerability | Mobo | Security Alerts and vulnerabilities | 0 | 12-22-2004 10:04 AM |
| Linux Zip Long Path Buffer Overflow Vulnerability | Mobo | Linux | 0 | 11-05-2004 08:09 AM |
|
||
|
|
|
It appears you have not yet registered with our community
which limits what you can do & see. It's Free To register, please click here.
Linear Mode
