Mozilla "MSG_UnEscapeSearchUrl()" Buffer Overflow

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Thread Tools

Display Modes

12-30-2004, 10:16 PM

Mobo

Thinking outside the box

Join Date: Sep 2004

Location: Cape Breton

Posts: 4,574

The vulnerability is caused due to a boundary error in the "MSG_UnEscapeSearchUrl()" function in "nsNNTPProtocol.cpp" when processing NNTP URIs. This can be exploited via e.g. a malicious web site to cause a heap-based buffer overflow when referencing a specially crafted, overly long "news://" URI.

Successful exploitation may allow execution of arbitrary code.

The vulnerability has been reported in version 1.7.3 and prior.

Solution:
Update to version 1.7.5.
http://www.mozilla.org/products/mozilla1.x/

imp:

__________________

Computer Tutorials

Download the New FIREFOX

Posted

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off

Forum Jump

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Mozilla Security Bypass and Buffer Overflow	Mobo	Security Alerts and vulnerabilities	1	12-10-2007 10:22 PM
Ca Multiple Products Buffer Overflow	Mobo	Security Alerts and vulnerabilities	0	05-24-2005 02:43 PM
McAfee LHA File Handling Buffer Overflow	Mobo	Security Alerts and vulnerabilities	0	03-18-2005 03:44 PM
WinRAR Delete File Buffer Overflow Vulnerability	Mobo	Security Alerts and vulnerabilities	0	12-22-2004 09:04 AM
Linux Zip Long Path Buffer Overflow Vulnerability	Mobo	Linux	0	11-05-2004 07:09 AM

All times are GMT -5. The time now is 02:37 AM.