[ISN] Firefox flaw found: Remote exploit possible

From: InfoSec News (isn@private)
Date: Sun Sep 11 2005 - 23:23:23 PDT


http://www.computerworld.com/securitytopics/security/story/0,10801,104504,00.html

By Peter Sayer
SEPTEMBER 09, 2005
IDG NEWS SERVICE

Computers running the Firefox browser could be open to remote attack
as a result of a buffer overflow vulnerability reported today by
security researcher Tom Ferris.

Vulnerable versions of Firefox include all those up to 1.06, and even
the just-released Version 1.5 Beta 1 (Deer Park Alpha 2), Ferris wrote
in a posting to his Web site, Security Protocols, and to the Full
Disclosure security mailing list just after 1 a.m. EDT today.

Ferris said he reported the bug to staff at the Mozilla Foundation,
the organization behind the Firefox browsers, on Sept. 4, but had no
idea whether the foundation is working on a fix for the problem.

The problem is caused by a bug in the code Firefox uses to process
HTML links in Web pages, Ferris said. Links pointing to a host with a
long name composed entirely of dashes can be crafted so that Firefox
will execute arbitrary code of an attacker's choosing.

Mozilla officials said today that they learned of the issue on Tuesday
and are already working on a patch. "We have a preliminary patch for
part of the problem, and are in the process of developing a
comprehensive solution that will appear in an upcoming release," said
Michael Schroepfer, Mozilla's head of engineering. He was not sure
when the patch would be released.

Last month, Ferris reported a critical flaw in fully patched versions
of Microsoft Corp.'s Internet Explorer 6 running on Windows XP Service
Pack 2. The flaw was acknowledged by Microsoft, but in that instance,
Ferris did not reveal any details of the flaw or how it could be
exploited.

-=-

Computerworld's Sharon Machlis and Todd Weiss contributed to this
report.





