On Fri, 9 Sep 2005, Dave Aitel wrote: :It's not consideration to hide the actual risk from users of the product. :That's just Microsoft hogwash. : :Right now, everyone knows they are at risk, and what to do about it - we can :stop using Firefox if we think it's a high enough risk vulnerability to do so. :This is definately better than just being in the dark for another week or so :until they get the patch done. : :-dave
What about all those poor mom's and dad's who were encouraged to use Firefox but have 0 clue as to what the heck Full-Disclosure is? Seems to me your idea of "everyone" is misguided. Cheers, : : :Larry Seltzer wrote: : :> Two interesting points: :> 1) It took several minutes and more browsing elsewhere (in Bugzilla) before :> my browser blew up after testing the POC. :> :> 2) When you reported a "Windows XP SP2 IE 6.0 Vulnerability" :> (http://security-protocols.com/modules.php?name=News&file=article&sid=2891) :> and a "Windows XP SP2 Remote Kernel DoS" :> (http://security-protocols.com/modules.php?name=News&file=article&sid=2783) :> you left the details of the bug and the POC out. Personally, I generally :> approve of that, but why don't Mozilla users deserve as much consideration? :> :> Larry Seltzer :> eWEEK.com Security Center Editor :> http://security.eweek.com/ :> http://blog.ziffdavis.com/seltzer :> Contributing Editor, PC Magazine :> [EMAIL PROTECTED] :> -----Original Message----- :> From: [EMAIL PROTECTED] :> [mailto:[EMAIL PROTECTED] On Behalf Of Tom Ferris :> Sent: Friday, September 09, 2005 2:10 AM :> To: full-disclosure@lists.grok.org.uk :> Subject: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow :> :> Mozilla Firefox "Host:" Buffer Overflow :> :> Release Date: :> September 8, 2005 :> :> Date Reported: :> September 4, 2005 :> :> Severity: :> Critical :> :> Vendor: :> Mozilla :> :> Versions Affected: :> Firefox Win32 1.0.6 and prior :> Firefox Linux 1.0.6 and prior :> Firefox 1.5 Beta 1 (Deer Park Alpha 2) :> :> Overview: :> :> A buffer overflow vulnerability exists within Firefox version 1.0.6 and all :> other prior versions which allows for an attacker to remotely execute :> arbitrary code on an affected host. :> :> Technical Details: :> The problem seems to be when a hostname which has all dashes causes the :> NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but :> is sets encHost to an empty string. Meaning, Firefox appends 0 to approxLen :> and then appends the long string of dashes to the buffer instead. The :> following HTML code below will reproduce this issue: :> :> <A HREF=https:--------------------------------------------- > :> :> Simple, huh? ;-] :> :> Vendor Status: :> Mozilla was notified, and im guessing they are working on a patch. Who knows :> though? :> :> Discovered by: :> Tom Ferris :> :> Related Links: :> www.security-protocols.com/firefox-death.html :> www.security-protocols.com/advisory/sp-x17-advisory.txt :> www.security-protocols.com/modules.php?name=News&file=article&sid=2910 :> :> Greetings: :> chico, modify, ac1djazz, dmuz, aempirei, Daniel Sergile, tupac shakur, and :> the rest of the angrypacket krew. :> :> Copyright (c) 2005 Security-Protocols.com :> :> Thanks, :> :> Tom Ferris :> Researcher :> www.security-protocols.com :> Key fingerprint = 0DFA 6275 BA05 0380 DD91 34AD C909 A338 D1AF 5D78 :> _______________________________________________ :> Full-Disclosure - We believe in it. :> Charter: http://lists.grok.org.uk/full-disclosure-charter.html :> Hosted and sponsored by Secunia - http://secunia.com/ :> :> :> _______________________________________________ :> Full-Disclosure - We believe in it. :> Charter: http://lists.grok.org.uk/full-disclosure-charter.html :> Hosted and sponsored by Secunia - http://secunia.com/ :> : :_______________________________________________ :Full-Disclosure - We believe in it. :Charter: http://lists.grok.org.uk/full-disclosure-charter.html :Hosted and sponsored by Secunia - http://secunia.com/ : : ------------------------------------------------------------- "Natural bridges on a clean west swell, Break over the reef like a bat of out hell." -- Sublime. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/